
302 matches found

OSV
added 2024/10/21 12:15 p.m. · 2 views

CVE-2024-48231

Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...

7.2 CVSS · 8.3 AI score
Exploits 0 · References 1

Vulnrichment
added 2024/10/21 12:0 a.m. · 23 views

CVE-2024-48231

Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...

8 AI score · 0.00143 EPSS
Exploits 1 · References 1

CVE
added 2024/10/21 12:0 a.m. · 55 views

CVE-2024-48231

CVE-2024-48231 affects Funadmin 5.0.2. The vulnerability is an SQL Injection in the backend/auth/Auth.php: the index() method mishandles the selectFields parameter, enabling manipulation of database queries. This is confirmed across multiple sources (Veracode, Snyk, GHSA, OSV, NVD) describing a S...

7.2 CVSS · 7.6 AI score · 0.00143 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2024/10/21 12:0 a.m. · 12 views

CVE-2024-48231

Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...

0.00143 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/10/21 12:0 a.m. · 2 views

PT-2024-33042 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: Funadmin version 5.0.2
Description: The issue is related to SQL Injection via the selectFields parameter in the index method of the Auth.php file. This allows for potential exploitation.
Recommendations: For Funadmin version 5.0.2, consider...

8.6 CVSS · 7.3 AI score · 0.00143 EPSS
Exploits 1 · References 7

CNNVD
added 2024/10/21 12:0 a.m. · 1 views

FunAdmin SQL injection vulnerability

FunAdmin is an open-source, lightweight, high-color backend development system from FunAdmin, based on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which stems from a SQL injection vulnerability in the selectFields parameter of the index method of...

7.2 CVSS · 8 AI score · 0.00143 EPSS
Exploits 1 · References 2

Veracode
added 2023/06/23 10:35 a.m. · 12 views

Unrestricted File Upload

funadmin/funadmin is vulnerable to Unrestricted File Uploads. The vulnerability exists in localinstall function at Addon.php due to not restricting plugin files that can be uploaded which allows an attacker to perform unauthorized actions...

9.8 CVSS · 6.7 AI score · 0.00421 EPSS
Exploits 1 · References 3 · Affected Software 1

OSV
added 2023/06/22 3:30 p.m. · 13 views

GHSA-5M3M-Q8CQ-77G4 fuadmin vulnerable to insecure file upload

funadmin v3.3.2 and v3.3.3 are vulnerable to insecure file upload via the plugins install...

9.8 CVSS · 9.5 AI score · 0.00421 EPSS
Exploits 1 · References 3

OSV
added 2023/06/22 3:15 p.m. · 15 views

CVE-2023-36097

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 1

NVD
added 2023/06/22 3:15 p.m. · 10 views

CVE-2023-36097

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install...

9.8 CVSS · 9.5 AI score · 0.00421 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2023/06/22 3:15 p.m. · 1 views

CVE-2023-36097

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install...

9.8 CVSS · 5.7 AI score · 0.00421 EPSS
Exploits 1 · References 2

Prion
added 2023/06/22 3:15 p.m. · 8 views

Design/Logic Flaw

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install...

7.5 CVSS · 9.5 AI score · 0.00421 EPSS
Exploits 1 · References 1 · Affected Software 1

CVE
added 2023/06/22 12:0 a.m. · 137 views

CVE-2023-36097

CVE-2023-36097 affects FunAdmin v3.3.2 and v3.3.3. The issue is an insecure file upload in the plugin installation process, caused by insufficient validation/restrictions on uploaded plugin files. This vulnerability allows an attacker to upload malicious files via the local install mechanism, pot...

9.8 CVSS · 9.4 AI score · 0.00421 EPSS
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2023/06/22 12:0 a.m. · 12 views

CVE-2023-36097

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install...

6.8 AI score · 0.00421 EPSS
Exploits 1 · References 1

CNNVD
added 2023/06/22 12:0 a.m. · 1 views

FunAdmin code issue vulnerability

FunAdmin is an open-source, lightweight, high-quality backend development system from FunAdmin, based on ThinkPHP6 + Layui. FunAdmin versions 3.3.2 and 3.3.3 have a security vulnerability, which stems from allowing the installation of plug-ins through the upload of...

9.8 CVSS · 8.3 AI score · 0.00421 EPSS
Exploits 1 · References 2

Cvelist
added 2023/06/22 12:0 a.m. · 8 views

CVE-2023-36097

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install...

9.7 AI score · 0.00421 EPSS
Exploits 1 · References 1

Veracode
added 2023/05/23 2:49 a.m. · 13 views

Cross-Site Scripting (XSS)

funadmin is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the JS file name, which could be maliciously constructed via the tagLoad function of the file Cx.php, which allows an attacker to inject and execute malicious JavaScript in the victim's browser...

6.1 CVSS · 6 AI score · 0.002 EPSS
Exploits 1 · References 4 · Affected Software 1

NVD
added 2023/05/02 2:15 p.m. · 7 views

CVE-2023-2477

A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclos...

6.1 CVSS · 4.5 AI score · 0.002 EPSS
Exploits 1 · References 3

OSV
added 2023/05/02 2:15 p.m. · 10 views

CVE-2023-2477

A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclos...

6.1 CVSS · 6.4 AI score
Exploits 0 · References 3

Prion
added 2023/05/02 2:15 p.m. · 19 views

Cross site scripting

A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclos...

4 CVSS · 6 AI score · 0.002 EPSS
Exploits 1 · References 3 · Affected Software 1