Lucene search

15 matches found

RedhatCVE
added 2026/02/23 1:20 a.m. | 5 views

CVE-2026-2896

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

7.5 CVSS | 6.9 AI score | 0.00046 EPSS
Exploits 1 | References 1

OSV
added 2026/02/22 12:31 a.m. | 5 views

GHSA-5M2G-4CF6-C3RG funadmin has Incorrect Privilege Assignment in its Configuration Handler

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

7.3 CVSS | 5.3 AI score | 0.00046 EPSS
Exploits 1 | References 6

Snyk
added 2026/02/22 12:31 a.m. | 1 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the setConfig function in the Configuration Handler. An attacker can gain unauthorized access to sensitive information and modify configuration settings by sending crafted requests remotely. Remediatio...

7.5 CVSS | 5.9 AI score | 0.00046 EPSS
Exploits 1 | References 2

Github Security Blog
added 2026/02/22 12:31 a.m. | 5 views

funadmin has Incorrect Privilege Assignment in its Configuration Handler

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

7.5 CVSS | 5.2 AI score | 0.00046 EPSS
Exploits 1 | References 6 | Affected Software 1

OSV
added 2026/02/22 12:15 a.m. | 2 views

CVE-2026-2896

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

5.3 CVSS | 5.4 AI score
Exploits 0 | References 5

NVD
added 2026/02/22 12:15 a.m. | 4 views

CVE-2026-2896

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

7.5 CVSS | 0.00046 EPSS
Exploits 1 | References 5

CNNVD
added 2026/02/22 12:0 a.m. | 6 views

FunAdmin Authorization Issue Vulnerability

FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc4 and earlier have authorization-related vulnerabilities. These vulnerabilities stem from incorrect operations on the setConfig function in the component Configuration Handler...

7.5 CVSS | 7.1 AI score | 0.00046 EPSS
Exploits 1 | References 5

Vulnrichment
added 2026/02/21 11:32 p.m. | 1 views

CVE-2026-2896 funadmin Configuration Ajax.php setConfig improper authorization

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

7.5 CVSS | 7.1 AI score | 0.00046 EPSS
Exploits 1 | References 5

Cvelist
added 2026/02/21 11:32 p.m. | 19 views

CVE-2026-2896 funadmin Configuration Ajax.php setConfig improper authorization

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

7.5 CVSS | 0.00046 EPSS
Exploits 1 | References 5

ATTACKERKB
added 2026/02/21 11:32 p.m. | 6 views

CVE-2026-2896

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

7.5 CVSS | 5.3 AI score | 0.00046 EPSS
Exploits 1 | References 5

CVE
added 2026/02/21 11:32 p.m. | 15 views

CVE-2026-2896

Funadmin up to 7.1.0-rc4 is affected by CVE-2026-2896 due to a flaw in the setConfig function of app/backend/controller/Ajax.php (Configuration Handler). The issue allows remote manipulation to cause improper authorization. Exploitation is possible over the network with no privileges and no user ...

7.5 CVSS | 5.3 AI score | 0.00046 EPSS
Exploits 1 | References 5 | Affected Software 1

Positive Technologies
added 2026/02/21 12:0 a.m. | 3 views

PT-2026-21400

Name of the Vulnerable Software and Affected Versions funadmin versions up to 7.1.0-rc4 Description A weakness exists in funadmin that could lead to improper authorization. This is due to a manipulation possible in the setConfig function within the app/backend/controller/Ajax.php file of the...

7.5 CVSS | 6.8 AI score | 0.00046 EPSS
Exploits 1 | References 14

Snyk
added 2025/01/01 6:32 a.m. | 1 views

Improper Access Control

Overview gpt-researcher is a GPT Researcher is an autonomous agent designed for comprehensive web research on any task Affected versions of this package are vulnerable to Improper Access Control when the routes 'getConfig' and 'setConfig' were accessible. Remediation Upgrade gpt-researcher to...

6.9 CVSS | 6.9 AI score
Exploits 0 | References 3

Zero Day Initiative
added 2023/02/09 12:0 a.m. | 44 views

VMware vRealize Log Insight setConfig Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setConfig function. The issue results from the lack of authentication...

8.1 CVSS | 3 AI score | 0.89845 EPSS
Exploits 4 | References 1

Prion
added 2009/08/11 10:30 a.m. | 13 views

Code injection

Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action...

6.5 CVSS | 7.3 AI score | 0.01511 EPSS
Exploits 0 | References 5 | Affected Software 1