CVE-2023-24776

9.8 CRITICAL

📋 TL;DR

Funadmin v3.2.0 contains a remote code execution (RCE) vulnerability in the Addon.php controller component that lets an attacker execute arbitrary code on the server hosting the application. Every installation running the affected version is exposed, and successful exploitation can compromise the entire host.

💻 Affected Systems

Products:
  • Funadmin
Versions: v3.2.0
Operating Systems: All platforms (the flaw is in the PHP application code, not in the operating system)
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of Funadmin v3.2.0 are vulnerable. No special configuration required.

📦 What is this software?

Funadmin is an open-source PHP backend management framework built on ThinkPHP and Layui. The Addon controller is the part of its admin module that manages installable addons (plugins).

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server takeover with attacker gaining full control, data exfiltration, lateral movement, and persistent backdoor installation.

🟠

Likely Case

Webshell deployment leading to data theft, credential harvesting, and use as attack platform for further exploitation.

🟢

If Mitigated

Impact stays limited when the admin interface is reachable only from trusted networks, a WAF restricts the addon routes, and the PHP process runs with minimal privileges, so a compromise does not spread beyond the application host.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in a core controller component and requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.2.1 or later

Vendor Advisory: https://github.com/funadmin/funadmin/issues/7

Restart Required: No (the fix is a file replacement; if PHP OPcache runs with opcache.validate_timestamps=0, reload PHP-FPM or clear the opcode cache so the patched files actually take effect)

Instructions:

1. Back up the current installation (files and database).
2. Download the latest release from the official repository.
3. Replace the vulnerable files; at minimum the Addon.php controller, preferably the full release tree so no other changed file is missed.
4. Verify that the admin panel and the addon management pages still function.

🔧 Temporary Workarounds

Disable Addon Module

linux

Temporarily remove the vulnerable Addon.php controller from the application's controller directory (the path below is relative to the Funadmin module that contains the controller). Once the file is gone the framework can no longer dispatch requests to the addon routes, so the admin addon management pages stop working until the patched file is restored.

mv controller/Addon.php controller/Addon.php.disabled

WAF Rule Implementation

all

Add web application firewall rules that restrict requests to the addon controller's routes (the URL path segment /addon/; the file name Addon.php never appears in the URL) to the administrators' source addresses. Signature rules that look for PHP function names in parameters are a useful second layer but are easy to evade with encoding, so do not rely on them alone.

🧯 If You Can't Patch

  • Implement strict network access controls to limit access to Funadmin interface
  • Deploy application-level monitoring and alerting for suspicious requests to the addon controller routes

🔍 How to Verify

Check if Vulnerable:

Confirm whether the Funadmin version is exactly v3.2.0, the only version listed as affected, by examining the version files or the admin panel.

Check Version:

grep -rn --include='*.php' --include='*.json' --include='*.txt' --exclude-dir=vendor -F '3.2.0' /path/to/funadmin/
cat /path/to/funadmin/version.txt

An unrestricted grep -r over the whole tree also matches version strings inside third-party vendor packages, and chaining the two commands with || runs the cat only when grep finds nothing; run them separately as above and confirm the number in the admin panel.

Verify Fix Applied:

Confirm the installation reports v3.2.1 or later, that the deployed Addon.php controller matches the file shipped with that release (compare file hashes), and that the admin addon pages still work.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to the addon controller routes (the URL path contains /addon/; the file name Addon.php never appears in the URL)
  • PHP command-execution primitives (system, exec, shell_exec, passthru) or PHP open tags in request parameters, including their percent-encoded forms
  • Unexpected file uploads or modifications under the web root

Network Indicators:

  • HTTP requests with unusual parameters to the addon endpoint, especially from non-browser user agents such as curl or python-requests
  • Outbound connections from web server to unknown IPs

SIEM Query:

source="web_logs" AND uri="*/addon/*" AND (method="POST" OR uri="*system*" OR uri="*exec*" OR uri="*%3C%3Fphp*" OR uri="*<?php*")

The URI field holds the request as logged, so payloads usually appear percent-encoded; either decode the field before matching or include the encoded variants, as above. Tune the POST clause with an allow-list of administrator source addresses, otherwise legitimate addon management traffic will match.
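As an added example (not code from this page or from the Funadmin project), the following Python script applies the indicators above to web-server access logs: it parses combined-format lines, matches the addon controller by its URL path segment rather than the file name, percent-decodes the request target (repeatedly, to catch double encoding) before looking for PHP execution primitives, and treats POSTs to the addon routes from addresses outside an admin allow-list as worth review. The /backend/ module prefix, the log lines and the IP addresses are constructed for the demonstration.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined log format (Nginx default / Apache "combined"): client, ident, user,
# timestamp, request line, status, bytes, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# ThinkPHP dispatches the Addon controller through a route such as
# /backend/addon/<action> (module prefix assumed); the file name Addon.php never
# appears in the URL, so match the path segment, not the file name.
ADDON_PATH_RE = re.compile(r'/addon(?:/|$)', re.IGNORECASE)

# Markers an injected PHP payload would typically carry: command-execution
# primitives, code evaluation, a PHP open tag, or a path traversal sequence.
SUSPICIOUS_RE = re.compile(
    r'\b(?:system|exec|shell_exec|passthru|popen|proc_open|eval)\s*\('
    r'|<\?php|\.\./',
    re.IGNORECASE,
)


def fully_decode(text, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are not missed."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def parse_line(line):
    """Parse one combined-format access log line into a dict, or None."""
    match = LOG_RE.match(line.strip())
    return match.groupdict() if match else None


def classify(entry, admin_clients=frozenset()):
    """Return the reasons an entry is suspicious; an empty list means benign."""
    path = fully_decode(urlsplit(entry["target"]).path)
    if not ADDON_PATH_RE.search(path):
        return []
    reasons = []
    # Writes to the addon controller from an address that is not a known admin
    # workstation are worth a look even without an obvious payload.
    if entry["method"] == "POST" and entry["client"] not in admin_clients:
        reasons.append("POST to addon controller from non-admin client")
    markers = sorted(set(m.lower() for m in SUSPICIOUS_RE.findall(fully_decode(entry["target"]))))
    if markers:
        reasons.append("payload markers in request target: " + ", ".join(markers))
    return reasons


def scan(lines, admin_clients=frozenset()):
    """Run classify over log lines; returns (client, method, target, reasons) per hit."""
    alerts = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # not combined format; skip rather than guess
        reasons = classify(entry, admin_clients)
        if reasons:
            alerts.append((entry["client"], entry["method"], entry["target"], reasons))
    return alerts


# Constructed sample log lines for demonstration; not taken from a real incident.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2023:10:15:02 +0000] "GET /backend/addon/index HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2023:10:16:41 +0000] "POST /backend/addon/install HTTP/1.1" 200 212 "-" "python-requests/2.28.1"',
    '203.0.113.9 - - [12/Mar/2023:10:17:03 +0000] "GET /backend/addon/index?name=%3C%3Fphp%20system%28%24_GET%5Bc%5D%29%3B HTTP/1.1" 500 0 "-" "curl/7.85.0"',
    '10.0.0.7 - - [12/Mar/2023:10:18:00 +0000] "GET /backend/index/index HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Mar/2023:10:19:27 +0000] "POST /backend/addon/install HTTP/1.1" 200 212 "https://admin.example.test/backend/addon/index" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, method, target, reasons in scan(SAMPLE_LOG, admin_clients={"10.0.0.5"}):
        print(f"{client} {method} {target}\n    " + "\n    ".join(reasons))
```

Run it against a real log with scan(open(path), admin_clients=...) after populating the allow-list with the administrators' source addresses; the POST-only indicator is noisy without that list, which is why the script keeps it separate from the payload-marker indicator, and the payload regex should be extended with whatever the public proof of concept for this CVE actually sends.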
