21 matches found
CVE-2023-36097
funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install.
CVE-2023-24774
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php.
CVE-2023-24782
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.
CVE-2023-2477
A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed...
CVE-2023-24775
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php.
CVE-2024-48231
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php.
CVE-2023-24776
Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php.
CVE-2023-24773
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.
CVE-2024-48227
Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).
CVE-2024-48228
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).
CVE-2023-24777
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.
CVE-2023-24780
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.
CVE-2024-48226
Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.
CVE-2024-48218
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.
CVE-2023-24781
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php.
CVE-2024-48223
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.
CVE-2024-48225
Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.
CVE-2024-48229
funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.
CVE-2024-48230
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.
CVE-2024-48222
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.
CVE-2024-48224
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.