Funadmin Security Vulnerabilities and Issues — Funadmin CVE List

Lucene search

FunadminFunadmin

16 matches found

CVE•added 2023/06/22 3:15 p.m.•132 views

CVE-2023-36097

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install.

9.8CVSS9.4AI score0.00316EPSS

CVE•added 2023/03/10 1:15 p.m.•84 views

CVE-2023-24774

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php.

9.8CVSS9.8AI score0.00553EPSS

CVE•added 2023/03/08 9:15 p.m.•59 views

CVE-2023-24782

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.

9.8CVSS9.8AI score0.00071EPSS

CVE•added 2023/03/07 6:15 p.m.•48 views

CVE-2023-24775

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php.

9.8CVSS9.8AI score0.58311EPSS

CVE•added 2023/03/06 8:15 p.m.•45 views

CVE-2023-24776

Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php.

9.8CVSS9.8AI score0.01361EPSS

CVE•added 2023/03/08 4:15 p.m.•44 views

CVE-2023-24773

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.

9.8CVSS9.8AI score0.00091EPSS

CVE•added 2023/03/08 10:15 p.m.•42 views

CVE-2023-24777

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.

9.8CVSS9.8AI score0.00065EPSS

CVE•added 2023/03/08 12:15 a.m.•41 views

CVE-2023-24780

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.

9.8CVSS9.8AI score0.00248EPSS

CVE•added 2024/10/25 9:15 p.m.•40 views

CVE-2024-48226

Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.

9.8CVSS8.3AI score0.00097EPSS

CVE•added 2024/10/25 9:15 p.m.•39 views

CVE-2024-48218

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.

9.8CVSS8.2AI score0.00097EPSS

CVE•added 2023/03/07 3:15 p.m.•38 views

CVE-2023-24781

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php.

9.8CVSS9.8AI score0.00071EPSS

CVE•added 2024/10/25 9:15 p.m.•36 views

CVE-2024-48223

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.

9.8CVSS8.2AI score0.00097EPSS

CVE•added 2024/10/25 9:15 p.m.•36 views

CVE-2024-48225

Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.

9.1CVSS7.3AI score0.00217EPSS

CVE•added 2024/10/25 9:15 p.m.•36 views

CVE-2024-48229

funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.

9.8CVSS8.3AI score0.00097EPSS

CVE•added 2024/10/25 9:15 p.m.•35 views

CVE-2024-48230

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.

9.8CVSS8.3AI score0.00132EPSS

CVE•added 2024/10/25 9:15 p.m.•34 views

CVE-2024-48222

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.

9.8CVSS8.2AI score0.00097EPSS