CVE-2026-2894
FunAdmin up to 7.1.0-rc4 is affected by an access-control error in the forget.html getMember function that enables information disclosure. The issue allows remote exploitation with publicly available exploit code. Multiple sources confirm the vulnerability in the same component and version range....