302 matches found
SQL injection
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php...
FunAdmin SQL injection vulnerability
FunAdmin is an open-source, lightweight, high-profile back-end development system built on ThinkPHP6 + Layui. FunAdmin version 3.2.0 has a security vulnerability that stems from the selectFields parameter of \member\Member.php, which was found to contain SQL injection...
CVE-2023-24780
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns...
CVE-2023-24781
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php...
CVE-2023-24775
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php...
CVE-2023-24775
CVE-2023-24775 affects Funadmin v3.2.0. The issue is a SQL injection in the selectFields parameter at \member\Member.php, enabling attacker-controlled SQL fragments. Public references (Red Hat, GHSA, OSV, NVD) reiterate the same vector and impact (high confidentiality, integrity, av...
CVE-2023-24781
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php...
CVE-2023-24781
Funadmin v3.2.0 is affected by a SQL injection vulnerability in the selectFields parameter used by member/MemberLevel.php. This CVE (CVE-2023-24781) is characterized by a high-severity impact (CVSS v3.1 base score 9.8) with attacker access over the network and no privileges required, indicating p...
CVE-2023-24780
Funadmin v3.2.0 contains a SQL injection vulnerability exposed via the id parameter in /databases/table/columns. CVSS v3.1 base score 9.8 (CRITICAL) with NETWORK attack vector, no user interaction. Impact: high on confidentiality, integrity, and availability. No remediation details are provided i...
FunAdmin SQL injection vulnerability
FunAdmin is an open-source, lightweight, high-profile back-end development system built on ThinkPHP6 + Layui. Funadmin version 3.2.0 has a security vulnerability that stems from the selectFields parameter of \member\MemberLevel.php, which was found to contain SQL injecti...
CVE-2023-24775
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php...
CVE-2023-24780
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns...
Remote code execution in Funadmin
Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php...
GHSA-7G53-JJ25-JHGR Remote code execution in Funadmin
Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php...
CVE-2023-24776
Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php...
CVE-2023-24776
Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php...
Remote code execution
Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php...
CVE-2023-24776
Funadmin v3.2.0 is affected by a remote code execution (RCE) vulnerability in the \controller\Addon.php component. NVD lists CVSS v3.1 base score 9.8 (CRITICAL) with network attack vector, no privileges, no user interaction required, and impact to confidentiality, integr...
CVE-2023-24776
Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php...
CVE-2023-24776
Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php...