5 matches found
CVE-2026-2897
A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross-site scripting. The attack is possible to be...
SQL Injection
Funadmin is vulnerable to SQL Injection. The vulnerability is due to an arbitrary file read in the /curd/index/editfile endpoint...
SQL Injection
Funadmin is vulnerable to SQL injection. The vulnerability is due to improper input validation in curd/table/savefield, allowing malicious SQL code to be executed. Attackers can exploit this vulnerability to manipulate database queries, potentially gaining unauthorized access to or tampering with...
Denial Of Service (DoS)
funadmin/funadmin is vulnerable to Denial of Service (DoS). The vulnerability is due to a logical flaw in the Curd one-click command deletion function, which can lead to a DoS condition...
PT-2024-33038 · Funadmin · Funadmin
Name of the Vulnerable Software and Affected Versions: funadmin version 5.0.2
Description: An issue was found in the selectfiles method in backendcontrollersysAttachh.php, where it directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site...