302 matches found
CVE-2023-2477 Funadmin Cx.php tagLoad cross site scripting
A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclos...
CVE-2023-2477
CVE-2023-2477 affects Funadmin up to version 3.2.3. The vulnerability lies in the function tagLoad in the file Cx.php, where manipulating the argument file enables Cross-Site Scripting (XSS). Exploitation can be carried out remotely and public disclosures exist. A practical mitigation mentioned in so...
FunAdmin cross-site scripting vulnerability
FunAdmin is an open-source, lightweight, high-profile backend development system built on ThinkPHP6+Layui. FunAdmin version 3.2.3 and earlier versions contain a cross-site scripting vulnerability. The vulnerability stems from improper handling of the parameter file, which leads to...
PT-2023-19771 · Funadmin · Funadmin
Name of the Vulnerable Software and Affected Versions: Funadmin versions up to 3.2.3 Description: A vulnerability has been found in the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross-site scripting. The attack can be launched remotely. Recommendations: F...
Exploit for SQL Injection in Funadmin
CVE-2023-24775-and-CVE-2023-24780 my python poc 2023-24780 and...
GHSA-JX2X-FG9P-7GC7 Funadmin vulnerable to SQL injection
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
Funadmin vulnerable to SQL injection
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
CVE-2023-24774
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
CVE-2023-24774
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
SQL injection
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
CVE-2023-24774
Funadmin 3.2.0 is affected by an SQL injection via the selectFields parameter in controller/auth/Auth.php. The vulnerability enables unauthenticated network-exposed exploitation with high impact on confidentiality, integrity and availability (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; base 9...
CVE-2023-24774
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
PT-2023-19773 · Funadmin · Funadmin
Name of the Vulnerable Software and Affected Versions: Funadmin version 3.2.0 Description: The issue is related to a SQL injection vulnerability. It occurs via the selectFields parameter at the \controller\auth\Auth.php file. Recommendations: For Funadmin version 3.2.0, avoid using the selectFields...
Funadmin SQL injection vulnerability
FunAdmin is an open-source, lightweight, high-profile back-end development system built on ThinkPHP6 + Layui. Funadmin v3.2.0 has a security vulnerability. The vulnerability stems from the selectFields parameter at \controller\auth\Auth.php, which was found to contain SQL...
CVE-2023-24774
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
SQL Injection in Funadmin
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list...
GHSA-PVP6-53R9-8VXH SQL Injection in Funadmin
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list...
CVE-2023-24777
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list...
CVE-2023-24777
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list...
SQL injection
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list...