GHSA-j9wp-x5q5-xh2f: Funadmin Cross-site Scripting vulnerability

An issue was found in funadmin 5.0.2. The selectfiles method in `\backend\controller\sys\Attachh.php` directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).

GHSA-2mv8-jjm5-f3hr: SQL injection in funadmin

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of `\backend\controller\auth\Auth.php`.

GHSA-h345-r48x-g68f: SQL injection in funadmin

funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.

GHSA-6j8f-88mh-r9vq: SQL injection in funadmin

Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.

GHSA-x2fr-vj74-5h35: SQL injection in funadmin

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.

GHSA-h4px-9vmp-p7pv: SQL injection in funadmin

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.

GHSA-9gw3-qr2f-3vg5: SQL injection in funadmin

Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.

GHSA-vw6x-c5rg-jmjp: SQL injection in funadmin

Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.

GHSA-5g66-93qv-565j: SQL injection in funadmin

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.

GHSA-r9v5-q97m-rj5g: Logic flaw in Funadmin

Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DoS).