Weak Password Recovery Mechanism for Forgotten Password

Overview Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the repass function in the file app/frontend/controller/Member.php when handling the forgetcode or vercode arguments. An attacker can reset user passwords without proper...

CVE-2026-2895

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

CVE-2026-2895

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

CVE-2026-2895 funadmin Member.php repass password recovery

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

FunAdmin 授权问题漏洞

FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin prior to 7.1.0-rc4 contained authorization-related vulnerabilities. These vulnerabilities stemmed from incorrect handling of the forgetcode/vercode parameters in the...

PT-2026-21399

Name of the Vulnerable Software and Affected Versions funadmin versions through 7.1.0-rc4 Description A security flaw exists in funadmin that allows for weak password recovery. The issue is located in the repass function within the app/frontend/controller/Member.php file. Manipulation of the forg...