34 matches found
EUVD-2023-1052
Malicious code in bioql PyPI...
CVE-2024-48231
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...
CVE-2023-24781
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php...
CVE-2023-24775
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the selectFields parameter in the index function in Auth.php. Remediation There is no fixed version for funadmin/funadmin. References - GitHub Issue - Vulnerable Code...
SQL injection in funadmin
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \app\backend\controller\auth\Auth.php...
GHSA-7PP4-388X-2XQJ SQL injection in funadmin
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \app\backend\controller\auth\Auth.php...
CVE-2024-48231
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...
CVE-2024-48231
CVE-2024-48231 affects Funadmin 5.0.2. The vulnerability is an SQL Injection in the backend/auth/Auth.php: the index() method mishandles the selectFields parameter, enabling manipulation of database queries. This is confirmed across multiple sources (Veracode, Snyk, GHSA, OSV, NVD) describing a S...
CVE-2024-48231
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...
Exploit for SQL Injection in Funadmin
CVE-2023-24775-and-CVE-2023-24780 my python poc 2023-24780 and...
Funadmin vulnerable to SQL injection
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
CVE-2023-24774
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
CVE-2023-24774
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
Sql injection
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
PT-2023-19773 · Funadmin · Funadmin
Name of the Vulnerable Software and Affected Versions: Funadmin version 3.2.0 Description: The issue is related to a SQL injection vulnerability. It occurs via the selectFields parameter at the controllerauthAuth.php file. Recommendations: For Funadmin version 3.2.0, avoid using the selectFields...
CVE-2023-24774
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
CVE-2023-24774
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
Funadmin SQL注入漏洞
FunAdmin is FunAdmin open source based on ThinkPHP6 + Layui development of a lightweight high-profile back-end development system . Funadmin v3.2.0 version has a security vulnerability , the vulnerability stems from the selectFields parameter through controllerauthAuth.php found to contain SQL...
GHSA-V43V-PV95-JC55 SQL Injection in Funadmin
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php...