CVE-2023-24781 – Funadmin v3.2.0 contains a SQL injection vulner... (How to Fix)

Q: What is the severity of CVE-2023-24781?

CVE-2023-24781 has a CVSS score of 9.8 (CRITICAL). Funadmin v3.2.0 contains a SQL injection vulnerability in the selectFields parameter at /member/MemberLevel.php. This allows attackers to execute arbitrary SQL commands on the database. Any organization running Funadmin v3.2.0 is affected.

📋 TL;DR

Funadmin v3.2.0 contains a SQL injection vulnerability in the selectFields parameter at /member/MemberLevel.php. This allows attackers to execute arbitrary SQL commands on the database. Any organization running Funadmin v3.2.0 is affected.

💻 Affected Systems

Products:

Funadmin

Versions: v3.2.0

Operating Systems: All platforms running PHP

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Funadmin v3.2.0 with the vulnerable MemberLevel.php file

📦 What is this software?

Funadmin by Funadmin

View all CVEs affecting Funadmin →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data manipulation, or full system takeover via SQL injection to RCE chaining

🟠

Likely Case

Database information disclosure, authentication bypass, or privilege escalation

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries in place

🌐 Internet-Facing: HIGH - Web applications are typically internet-facing and this vulnerability requires no authentication

🏢 Internal Only: HIGH - Even internal applications can be exploited by malicious insiders or compromised accounts

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection vulnerabilities are commonly weaponized and this appears to be straightforward to exploit

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.2.1 or later

Vendor Advisory: https://github.com/funadmin/funadmin/issues/8

Restart Required: No

Instructions:

1. Backup your current installation. 2. Download the latest version from the official repository. 3. Replace the vulnerable MemberLevel.php file. 4. Verify the fix by testing the selectFields parameter.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to reject malicious SQL characters in the selectFields parameter

Modify MemberLevel.php to sanitize the selectFields parameter before processing

WAF Rule

all

Implement web application firewall rules to block SQL injection patterns

Add WAF rule to detect and block SQL injection attempts in selectFields parameter

🧯 If You Can't Patch

Implement strict input validation and parameterized queries for all database operations
Restrict database user permissions to minimum required access

🔍 How to Verify

Check if Vulnerable:

Test the selectFields parameter at /member/MemberLevel.php with SQL injection payloads like ' OR '1'='1

Check Version:

Check the Funadmin version in configuration files or admin panel

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and that parameterized queries are implemented

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts from single IP
SQL syntax errors in application logs

Network Indicators:

HTTP requests with SQL keywords in selectFields parameter
Unusual database connection patterns

SIEM Query:

source="web_logs" AND (selectFields CONTAINS "UNION" OR selectFields CONTAINS "SELECT" OR selectFields CONTAINS "OR 1=1")

📊 Metadata

CVE ID: CVE-2023-24781

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: March 7, 2023

Last Updated: March 6, 2025

🔗 References

https://github.com/funadmin/funadmin/issues/8 Exploit,Issue Tracking
https://github.com/funadmin/funadmin/issues/8 Exploit,Issue Tracking

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-24781, you might also want to check these: