Vulnerabilities (CVE)

Filtered by vendor Funadmin Subscribe
Total 19 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-48230 1 Funadmin 1 Funadmin 2024-10-31 N/A 7.2 HIGH
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.
CVE-2024-48229 1 Funadmin 1 Funadmin 2024-10-31 N/A 7.2 HIGH
funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.
CVE-2024-48227 1 Funadmin 1 Funadmin 2024-10-31 N/A 4.9 MEDIUM
Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).
CVE-2024-48223 1 Funadmin 1 Funadmin 2024-10-31 N/A 7.2 HIGH
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.
CVE-2024-48222 1 Funadmin 1 Funadmin 2024-10-31 N/A 7.2 HIGH
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.
CVE-2024-48218 1 Funadmin 1 Funadmin 2024-10-31 N/A 7.2 HIGH
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.
CVE-2024-48226 1 Funadmin 1 Funadmin 2024-10-31 N/A 7.2 HIGH
Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.
CVE-2024-48225 1 Funadmin 1 Funadmin 2024-10-31 N/A 6.5 MEDIUM
Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.
CVE-2024-48224 1 Funadmin 1 Funadmin 2024-10-31 N/A 4.9 MEDIUM
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.
CVE-2023-2477 1 Funadmin 1 Funadmin 2024-05-17 4.0 MEDIUM 6.1 MEDIUM
A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227869 was assigned to this vulnerability.
CVE-2023-36097 1 Funadmin 1 Funadmin 2024-02-04 N/A 9.8 CRITICAL
funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install.
CVE-2023-24780 1 Funadmin 1 Funadmin 2024-02-04 N/A 9.8 CRITICAL
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.
CVE-2023-24776 1 Funadmin 1 Funadmin 2024-02-04 N/A 9.8 CRITICAL
Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php.
CVE-2023-24775 1 Funadmin 1 Funadmin 2024-02-04 N/A 9.8 CRITICAL
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php.
CVE-2023-24782 1 Funadmin 1 Funadmin 2024-02-04 N/A 9.8 CRITICAL
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.
CVE-2023-24773 1 Funadmin 1 Funadmin 2024-02-04 N/A 9.8 CRITICAL
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.
CVE-2023-24774 1 Funadmin 1 Funadmin 2024-02-04 N/A 9.8 CRITICAL
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php.
CVE-2023-24777 1 Funadmin 1 Funadmin 2024-02-04 N/A 9.8 CRITICAL
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.
CVE-2023-24781 1 Funadmin 1 Funadmin 2024-02-04 N/A 9.8 CRITICAL
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php.