28 matches found
EUVD-2023-1052
Malicious code in bioql PyPI...
CVE-2023-24781
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php...
CVE-2023-24775
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the selectFields parameter in the index function in Auth.php. Remediation: There is no fixed version for funadmin/funadmin. References: GitHub Issue; Vulnerable Code...
SQL injection in funadmin
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \app\backend\controller\auth\Auth.php...
GHSA-7PP4-388X-2XQJ SQL injection in funadmin
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \app\backend\controller\auth\Auth.php...
CVE-2024-48231
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...
CVE-2024-48231
CVE-2024-48231 affects Funadmin 5.0.2. The vulnerability is an SQL Injection in the backend/auth/Auth.php: the index() method mishandles the selectFields parameter, enabling manipulation of database queries. This is confirmed across multiple sources (Veracode, Snyk, GHSA, OSV, NVD) describing a S...
CVE-2024-48231
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...
Funadmin vulnerable to SQL injection
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
CVE-2023-24774
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
SQL injection
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
CVE-2023-24774
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
PT-2023-19773 · Funadmin · Funadmin
Name of the Vulnerable Software and Affected Versions: Funadmin version 3.2.0. Description: The issue is related to a SQL injection vulnerability. It occurs via the selectFields parameter at the \controller\auth\Auth.php file. Recommendations: For Funadmin version 3.2.0, avoid using the selectFields...
CVE-2023-24774
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
GHSA-V43V-PV95-JC55 SQL Injection in Funadmin
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php...
SQL Injection in Funadmin
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php...
CVE-2023-24775
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php...
CVE-2023-24775
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php...
SQL injection
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php...