CVE-2024-48231

Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php.

CVE-2024-48227

Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).

CVE-2024-48228

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).

CVE-2024-48226

Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.

CVE-2024-48218

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.

CVE-2024-48223

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.

CVE-2024-48225

Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.

CVE-2024-48229

funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.

CVE-2024-48230

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.

CVE-2024-48222

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.

CVE-2024-48224

Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.