SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the delfile method in controller\Index.php. An attacker can execute arbitrary SQL commands and delete files without proper authorization. Remediation There is no fixed version for funadmin/funadmin. References - GitHub...