28 matches found
Sql injection
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php...
CVE-2023-24775
CVE-2023-24775 affects Funadmin v3.2.0. The issue is a SQL injection in the selectFields parameter of the file path \member\Member.php, enabling attacker-controlled SQL fragments. Public references (Red Hat, GHSA, OSV, NVD) reiterate the same vector and impact (high confidentiality, integrity, av...
FunAdmin SQL注入漏洞
FunAdmin is FunAdmin open source based on ThinkPHP6 + Layui development of a lightweight high-profile back-end development system . FunAdmin version 3.2.0 there is a security vulnerability , the vulnerability stems from the memberMember.php selectFields parameter found to contain SQL injection...
CVE-2023-24781
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php...
CVE-2023-24775
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php...
CVE-2023-24781
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php...
CVE-2023-24781
Funadmin v3.2.0 is affected by a SQL injection vulnerability in the selectFields parameter used by member/MemberLevel.php. This CVE (CVE-2023-24781) is characterized by a high-severity impact (CVSS v3.1 base score 9.8) with attacker access over the network and no privileges required, indicating p...
CVE-2023-24775
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php...