302 matches found
FunAdmin 代码问题漏洞
FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc4 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of the cloudaccount parameter in the function getMember within the component’s Backen...
FunAdmin 代码注入漏洞
FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc4 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of parameters in the app/backend/view/index/index.html file of the component'...
FunAdmin 授权问题漏洞
FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc4 and earlier have authorization-related vulnerabilities. These vulnerabilities stem from incorrect operations on the setConfig function in the component Configuration Handler...
PT-2026-21403
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloud account results in deserialization. The attack may be performed from...
PT-2026-21402
A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be...
CVE-2026-2896 funadmin Configuration Ajax.php setConfig improper authorization
A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...
CVE-2026-2896 funadmin Configuration Ajax.php setConfig improper authorization
A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...
CVE-2026-2896
A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...
CVE-2026-2896
Funadmin up to 7.1.0-rc4 is affected by CVE-2026-2896 due to a flaw in the setConfig function of app/backend/controller/Ajax.php (Configuration Handler). The issue allows remote manipulation to cause improper authorization. Exploitation is possible over the network with no privileges and no user ...
CVE-2026-2894
A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might...
CVE-2026-2895
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...
CVE-2026-2894
A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might...
CVE-2026-2895
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...
CVE-2026-2895
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...
CVE-2026-2895
CVE-2026-2895 affects funadmin up to 7.1.0-rc4. The vulnerability is in the function repass of the file app/frontend/controller/Member.php . Manipulating the arguments forget_code/vercode enables weak password recovery and allows remote exploitation . Reported exploitation is possible; the attack...
CVE-2026-2895 funadmin Member.php repass password recovery
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...
CVE-2026-2895 funadmin Member.php repass password recovery
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...
CVE-2026-2894
FunAdmin up to 7.1.0-rc4 is affected by an access-control error in the forget.html getMember function that enables information disclosure. The issue allows remote exploitation with publicly available exploit code. Multiple sources confirm the vulnerability in the same component and version range....
CVE-2026-2894 funadmin forget.html getMember information disclosure
A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might...
CVE-2026-2894 funadmin forget.html getMember information disclosure
A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might...