📦 Funadmin
by Funadmin
⚠️ Known Vulnerabilities
Funadmin v3.3.2 and v3.3.3 contain an insecure file upload vulnerability in the plugins installation feature. Attackers can upload malicious files, potentially leading to remote code execution. Any sy...
Funadmin v3.2.0 contains a SQL injection vulnerability in the selectFields parameter at controller/auth/Auth.php. This allows attackers to execute arbitrary SQL commands, potentially compromising the ...
Funadmin v3.2.0 contains a SQL injection vulnerability in the id parameter at /databases/table/list endpoint. This allows attackers to execute arbitrary SQL commands on the database. All systems runni...
Funadmin v3.2.0 contains a SQL injection vulnerability in the id parameter at /databases/database/edit endpoint. This allows attackers to execute arbitrary SQL commands on the database. All systems ru...
Funadmin v3.2.0 contains a SQL injection vulnerability in the id parameter at /databases/table/columns endpoint. This allows attackers to execute arbitrary SQL commands on the database. Anyone running...
Funadmin v3.2.0 contains a SQL injection vulnerability in the selectFields parameter at /member/Member.php that allows attackers to execute arbitrary SQL commands. This affects all installations runni...
Funadmin v3.2.0 contains a SQL injection vulnerability in the selectFields parameter at /member/MemberLevel.php. This allows attackers to execute arbitrary SQL commands on the database. Any organizati...
Funadmin v3.2.0 contains a remote code execution vulnerability in the Addon.php controller component that allows attackers to execute arbitrary code on affected systems. This affects all installations...
This vulnerability allows remote attackers to bypass authorization controls in funadmin's configuration handler, potentially enabling unauthorized configuration changes. It affects funadmin installati...
CVE-2024-48229 is a SQL injection vulnerability in funadmin 5.0.2's Curd one-click command mode plugin. This allows attackers to execute arbitrary SQL commands on the database. All systems running the...
Funadmin v5.0.2 contains a SQL injection vulnerability in the /curd/table/edit endpoint that allows attackers to execute arbitrary SQL commands. This affects all systems running the vulnerable version...
Funadmin 5.0.2 contains a SQL injection vulnerability in the curd/table/savefield endpoint that allows attackers to execute arbitrary SQL commands. This affects all Funadmin 5.0.2 installations with t...
This vulnerability allows remote attackers to execute arbitrary code through insecure deserialization in funadmin's AuthCloudService.php. Attackers can exploit the getMember function's cloud_account p...
This vulnerability in funadmin allows remote attackers to exploit the getMember function in the forget.html login component to disclose sensitive information. It affects all funadmin installations up ...
Funadmin v5.0.2 contains an arbitrary file read vulnerability in the /curd/index/editfile endpoint. This allows attackers to read sensitive files from the server filesystem. All systems running Funadm...
This is a cross-site scripting (XSS) vulnerability in funadmin's backend interface that allows attackers to inject malicious scripts into the application. The vulnerability affects funadmin versions u...