Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/617802?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/617802?format=api", "purl": "pkg:composer/funadmin/funadmin@1.1", "type": "composer", "namespace": "funadmin", "name": "funadmin", "version": "1.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72675?format=api", "vulnerability_id": "VCID-24ek-5vzy-2fg3", "summary": "A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 59. To fix this issue, it is recommended to deploy a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20474", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20497", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20476", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20299", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7733" }, { "reference_url": "https://gitee.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitee.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7733", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7733" }, { "reference_url": "https://vuldb.com/vuln/360908", "reference_id": "360908", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/" } ], "url": "https://vuldb.com/vuln/360908" }, { "reference_url": "https://gitee.com/funadmin/funadmin/pulls/59", "reference_id": "59", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/" } ], "url": "https://gitee.com/funadmin/funadmin/pulls/59" }, { "reference_url": "https://vuldb.com/submit/807559", "reference_id": "807559", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/" } ], "url": "https://vuldb.com/submit/807559" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://vuldb.com/vuln/360908/cti", "reference_id": "cti", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/" } ], "url": "https://vuldb.com/vuln/360908/cti" }, { "reference_url": "https://gitee.com/funadmin/funadmin/", "reference_id": "funadmin", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/" } ], "url": "https://gitee.com/funadmin/funadmin/" }, { "reference_url": "https://github.com/advisories/GHSA-qhh7-263p-54r3", "reference_id": "GHSA-qhh7-263p-54r3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qhh7-263p-54r3" }, { "reference_url": "https://gitee.com/funadmin/funadmin/issues/IJ8NXT", "reference_id": "IJ8NXT", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/" } ], "url": "https://gitee.com/funadmin/funadmin/issues/IJ8NXT" } ], "fixed_packages": [], "aliases": [ "CVE-2026-7733", "GHSA-qhh7-263p-54r3" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-24ek-5vzy-2fg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56173?format=api", "vulnerability_id": "VCID-2c21-4zuk-z3hf", "summary": "funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32643", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32641", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32462", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32664", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48229" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48229", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48229" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/28", "reference_id": "28", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:08:28Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/28" }, { "reference_url": "https://github.com/advisories/GHSA-h345-r48x-g68f", "reference_id": "GHSA-h345-r48x-g68f", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h345-r48x-g68f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/754277?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48229", "GHSA-h345-r48x-g68f" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2c21-4zuk-z3hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56342?format=api", "vulnerability_id": "VCID-2fjq-u8cu-5qf4", "summary": "Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32643", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32641", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32462", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32664", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48226" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48226", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48226" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/26", "reference_id": "26", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:16:04Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/26" }, { "reference_url": "https://github.com/advisories/GHSA-9gw3-qr2f-3vg5", "reference_id": "GHSA-9gw3-qr2f-3vg5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9gw3-qr2f-3vg5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/754277?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48226", "GHSA-9gw3-qr2f-3vg5" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2fjq-u8cu-5qf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149068?format=api", "vulnerability_id": "VCID-47km-baak-8qhm", "summary": "Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24782", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50941", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50806", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50954", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50938", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24782" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24782", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24782" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T18:36:40Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/3" }, { "reference_url": "https://github.com/advisories/GHSA-qhq8-2f3m-gxvp", "reference_id": "GHSA-qhq8-2f3m-gxvp", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qhq8-2f3m-gxvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/617832?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-2c21-4zuk-z3hf" }, { "vulnerability": "VCID-2fjq-u8cu-5qf4" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-eacs-8tcp-1ues" }, { "vulnerability": "VCID-hs3v-jb33-mygx" }, { "vulnerability": "VCID-jhhv-rwws-jbbz" }, { "vulnerability": "VCID-jrrq-33ju-rfa9" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-khmn-nf24-ffdx" }, { "vulnerability": "VCID-mcxx-jcvc-qqfn" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-v68x-ae2m-vfez" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" }, { "vulnerability": "VCID-w8pj-n7nq-vkgz" }, { "vulnerability": "VCID-ysex-7khf-fqd2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24782", "GHSA-qhq8-2f3m-gxvp" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-47km-baak-8qhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149254?format=api", "vulnerability_id": "VCID-57g4-qwxu-cbc7", "summary": "Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67561", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.6746", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67564", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67551", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24780" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24780", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24780" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T17:41:37Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/6" }, { "reference_url": "https://github.com/advisories/GHSA-7pmh-8qjj-4q36", "reference_id": "GHSA-7pmh-8qjj-4q36", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7pmh-8qjj-4q36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/617832?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-2c21-4zuk-z3hf" }, { "vulnerability": "VCID-2fjq-u8cu-5qf4" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-eacs-8tcp-1ues" }, { "vulnerability": "VCID-hs3v-jb33-mygx" }, { "vulnerability": "VCID-jhhv-rwws-jbbz" }, { "vulnerability": "VCID-jrrq-33ju-rfa9" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-khmn-nf24-ffdx" }, { "vulnerability": "VCID-mcxx-jcvc-qqfn" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-v68x-ae2m-vfez" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" }, { "vulnerability": "VCID-w8pj-n7nq-vkgz" }, { "vulnerability": "VCID-ysex-7khf-fqd2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24780", "GHSA-7pmh-8qjj-4q36" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57g4-qwxu-cbc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149013?format=api", "vulnerability_id": "VCID-7h15-tzr6-hkaz", "summary": "Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \\member\\MemberLevel.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50941", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50806", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50954", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50938", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24781" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24781", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24781" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/8", "reference_id": "8", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T17:42:51Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/8" }, { "reference_url": "https://github.com/advisories/GHSA-vhrv-9f9g-rfrx", "reference_id": "GHSA-vhrv-9f9g-rfrx", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vhrv-9f9g-rfrx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/617832?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-2c21-4zuk-z3hf" }, { "vulnerability": "VCID-2fjq-u8cu-5qf4" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-eacs-8tcp-1ues" }, { "vulnerability": "VCID-hs3v-jb33-mygx" }, { "vulnerability": "VCID-jhhv-rwws-jbbz" }, { "vulnerability": "VCID-jrrq-33ju-rfa9" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-khmn-nf24-ffdx" }, { "vulnerability": "VCID-mcxx-jcvc-qqfn" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-v68x-ae2m-vfez" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" }, { "vulnerability": "VCID-w8pj-n7nq-vkgz" }, { "vulnerability": "VCID-ysex-7khf-fqd2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24781", "GHSA-vhrv-9f9g-rfrx" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7h15-tzr6-hkaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84991?format=api", "vulnerability_id": "VCID-86eu-w8s6-sqdp", "summary": "A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12936", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.13019", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.13041", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.13031", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2897" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "2.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/4" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/4#issue-3890421022", "reference_id": "4#issue-3890421022", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "2.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/4#issue-3890421022" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://vuldb.com/?ctiid.347208", "reference_id": "?ctiid.347208", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "2.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/" } ], "url": "https://vuldb.com/?ctiid.347208" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2897", "reference_id": "CVE-2026-2897", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2897" }, { "reference_url": "https://github.com/advisories/GHSA-rfh7-7v27-6p9r", "reference_id": "GHSA-rfh7-7v27-6p9r", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rfh7-7v27-6p9r" }, { "reference_url": "https://vuldb.com/?id.347208", "reference_id": "?id.347208", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "2.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/" } ], "url": "https://vuldb.com/?id.347208" }, { "reference_url": "https://vuldb.com/?submit.753975", "reference_id": "?submit.753975", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "2.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/" } ], "url": "https://vuldb.com/?submit.753975" } ], "fixed_packages": [], "aliases": [ "CVE-2026-2897", "GHSA-rfh7-7v27-6p9r" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86eu-w8s6-sqdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149119?format=api", "vulnerability_id": "VCID-9nag-p28s-rkad", "summary": "Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48461", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48446", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48306", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48443", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24777" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24777", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24777" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T18:43:26Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/5" }, { "reference_url": "https://github.com/advisories/GHSA-pvp6-53r9-8vxh", "reference_id": "GHSA-pvp6-53r9-8vxh", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pvp6-53r9-8vxh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/617832?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-2c21-4zuk-z3hf" }, { "vulnerability": "VCID-2fjq-u8cu-5qf4" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-eacs-8tcp-1ues" }, { "vulnerability": "VCID-hs3v-jb33-mygx" }, { "vulnerability": "VCID-jhhv-rwws-jbbz" }, { "vulnerability": "VCID-jrrq-33ju-rfa9" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-khmn-nf24-ffdx" }, { "vulnerability": "VCID-mcxx-jcvc-qqfn" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-v68x-ae2m-vfez" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" }, { "vulnerability": "VCID-w8pj-n7nq-vkgz" }, { "vulnerability": "VCID-ysex-7khf-fqd2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24777", "GHSA-pvp6-53r9-8vxh" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nag-p28s-rkad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56399?format=api", "vulnerability_id": "VCID-eacs-8tcp-1ues", "summary": "Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25405", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25391", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25191", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25388", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48227" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48227", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48227" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/27", "reference_id": "27", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:11:11Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/27" }, { "reference_url": "https://github.com/advisories/GHSA-r9v5-q97m-rj5g", "reference_id": "GHSA-r9v5-q97m-rj5g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r9v5-q97m-rj5g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/754277?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48227", "GHSA-r9v5-q97m-rj5g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eacs-8tcp-1ues" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149215?format=api", "vulnerability_id": "VCID-fjwg-agf2-gkh4", "summary": "Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \\controller\\auth\\Auth.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01272", "scoring_system": "epss", "scoring_elements": "0.80017", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01272", "scoring_system": "epss", "scoring_elements": "0.80009", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01272", "scoring_system": "epss", "scoring_elements": "0.79936", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01272", "scoring_system": "epss", "scoring_elements": "0.79999", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24774" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24774", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24774" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/12", "reference_id": "12", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-28T15:23:33Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/12" }, { "reference_url": "https://github.com/advisories/GHSA-jx2x-fg9p-7gc7", "reference_id": "GHSA-jx2x-fg9p-7gc7", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jx2x-fg9p-7gc7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/617832?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-2c21-4zuk-z3hf" }, { "vulnerability": "VCID-2fjq-u8cu-5qf4" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-eacs-8tcp-1ues" }, { "vulnerability": "VCID-hs3v-jb33-mygx" }, { "vulnerability": "VCID-jhhv-rwws-jbbz" }, { "vulnerability": "VCID-jrrq-33ju-rfa9" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-khmn-nf24-ffdx" }, { "vulnerability": "VCID-mcxx-jcvc-qqfn" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-v68x-ae2m-vfez" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" }, { "vulnerability": "VCID-w8pj-n7nq-vkgz" }, { "vulnerability": "VCID-ysex-7khf-fqd2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24774", "GHSA-jx2x-fg9p-7gc7" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjwg-agf2-gkh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56528?format=api", "vulnerability_id": "VCID-hs3v-jb33-mygx", "summary": "Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48224", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.40164", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.40152", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39971", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.4014", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48224" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48224", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48224" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/24", "reference_id": "24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T17:52:45Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/24" }, { "reference_url": "https://github.com/advisories/GHSA-6j8f-88mh-r9vq", "reference_id": "GHSA-6j8f-88mh-r9vq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6j8f-88mh-r9vq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/754277?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48224", "GHSA-6j8f-88mh-r9vq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hs3v-jb33-mygx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56439?format=api", "vulnerability_id": "VCID-jhhv-rwws-jbbz", "summary": "Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48223", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40696", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40707", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40529", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.4072", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48223" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48223", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48223" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/23", "reference_id": "23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:46:40Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/23" }, { "reference_url": "https://github.com/advisories/GHSA-x2fr-vj74-5h35", "reference_id": "GHSA-x2fr-vj74-5h35", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x2fr-vj74-5h35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/754277?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48223", "GHSA-x2fr-vj74-5h35" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhhv-rwws-jbbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56222?format=api", "vulnerability_id": "VCID-jrrq-33ju-rfa9", "summary": "Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32517", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32495", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32314", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32497", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48225" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48225", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48225" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/25", "reference_id": "25", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:18:25Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/25" }, { "reference_url": "https://github.com/advisories/GHSA-vw6x-c5rg-jmjp", "reference_id": "GHSA-vw6x-c5rg-jmjp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vw6x-c5rg-jmjp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/754277?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48225", "GHSA-vw6x-c5rg-jmjp" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jrrq-33ju-rfa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84651?format=api", "vulnerability_id": "VCID-k5w7-y4as-m3d7", "summary": "A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14489", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14581", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14605", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14608", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2896" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/3" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/3#issue-3884949083", "reference_id": "3#issue-3884949083", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/3#issue-3884949083" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://vuldb.com/?ctiid.347207", "reference_id": "?ctiid.347207", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/" } ], "url": "https://vuldb.com/?ctiid.347207" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2896", "reference_id": "CVE-2026-2896", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2896" }, { "reference_url": "https://github.com/advisories/GHSA-5m2g-4cf6-c3rg", "reference_id": "GHSA-5m2g-4cf6-c3rg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5m2g-4cf6-c3rg" }, { "reference_url": "https://vuldb.com/?id.347207", "reference_id": "?id.347207", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/" } ], "url": "https://vuldb.com/?id.347207" }, { "reference_url": "https://vuldb.com/?submit.753972", "reference_id": "?submit.753972", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/" } ], "url": "https://vuldb.com/?submit.753972" } ], "fixed_packages": [], "aliases": [ "CVE-2026-2896", "GHSA-5m2g-4cf6-c3rg" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k5w7-y4as-m3d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56255?format=api", "vulnerability_id": "VCID-khmn-nf24-ffdx", "summary": "Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48222", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40696", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40707", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40529", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.4072", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48222" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48222", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48222" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/22", "reference_id": "22", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:45:28Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/22" }, { "reference_url": "https://github.com/advisories/GHSA-5g66-93qv-565j", "reference_id": "GHSA-5g66-93qv-565j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5g66-93qv-565j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/754277?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48222", "GHSA-5g66-93qv-565j" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khmn-nf24-ffdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149062?format=api", "vulnerability_id": "VCID-khzr-z2se-cuew", "summary": "Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50663", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.5065", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50512", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50646", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24773" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24773", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24773" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T18:46:07Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/4" }, { "reference_url": "https://github.com/advisories/GHSA-m8wf-wmwh-jw2m", "reference_id": "GHSA-m8wf-wmwh-jw2m", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m8wf-wmwh-jw2m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/617832?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-2c21-4zuk-z3hf" }, { "vulnerability": "VCID-2fjq-u8cu-5qf4" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-eacs-8tcp-1ues" }, { "vulnerability": "VCID-hs3v-jb33-mygx" }, { "vulnerability": "VCID-jhhv-rwws-jbbz" }, { "vulnerability": "VCID-jrrq-33ju-rfa9" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-khmn-nf24-ffdx" }, { "vulnerability": "VCID-mcxx-jcvc-qqfn" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-v68x-ae2m-vfez" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" }, { "vulnerability": "VCID-w8pj-n7nq-vkgz" }, { "vulnerability": "VCID-ysex-7khf-fqd2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24773", "GHSA-m8wf-wmwh-jw2m" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khzr-z2se-cuew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56160?format=api", "vulnerability_id": "VCID-mcxx-jcvc-qqfn", "summary": "Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \\backend\\controller\\auth\\Auth.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34493", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34472", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.3429", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34468", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48231" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48231", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48231" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/29", "reference_id": "29", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-21T18:39:17Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/29" }, { "reference_url": "https://github.com/advisories/GHSA-7pp4-388x-2xqj", "reference_id": "GHSA-7pp4-388x-2xqj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7pp4-388x-2xqj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/754277?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48231", "GHSA-7pp4-388x-2xqj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mcxx-jcvc-qqfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85156?format=api", "vulnerability_id": "VCID-paun-khn9-w7gw", "summary": "A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloud_account results in deserialization. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1121", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11234", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11268", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11277", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2898" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/5" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/5#issue-3890444166", "reference_id": "5#issue-3890444166", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/5#issue-3890444166" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://vuldb.com/?ctiid.347209", "reference_id": "?ctiid.347209", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/" } ], "url": "https://vuldb.com/?ctiid.347209" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2898", "reference_id": "CVE-2026-2898", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2898" }, { "reference_url": "https://github.com/advisories/GHSA-gcxp-xg77-798j", "reference_id": "GHSA-gcxp-xg77-798j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gcxp-xg77-798j" }, { "reference_url": "https://vuldb.com/?id.347209", "reference_id": "?id.347209", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/" } ], "url": "https://vuldb.com/?id.347209" }, { "reference_url": "https://vuldb.com/?submit.753976", "reference_id": "?submit.753976", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/" } ], "url": "https://vuldb.com/?submit.753976" } ], "fixed_packages": [], "aliases": [ "CVE-2026-2898", "GHSA-gcxp-xg77-798j" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-paun-khn9-w7gw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148836?format=api", "vulnerability_id": "VCID-rgxh-rtbw-rkhd", "summary": "Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \\controller\\Addon.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85531", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.8547", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85521", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85523", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24776" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24776", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24776" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:24:45Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/7" }, { "reference_url": "https://github.com/advisories/GHSA-7g53-jj25-jhgr", "reference_id": "GHSA-7g53-jj25-jhgr", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7g53-jj25-jhgr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/617832?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-2c21-4zuk-z3hf" }, { "vulnerability": "VCID-2fjq-u8cu-5qf4" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-eacs-8tcp-1ues" }, { "vulnerability": "VCID-hs3v-jb33-mygx" }, { "vulnerability": "VCID-jhhv-rwws-jbbz" }, { "vulnerability": "VCID-jrrq-33ju-rfa9" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-khmn-nf24-ffdx" }, { "vulnerability": "VCID-mcxx-jcvc-qqfn" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-v68x-ae2m-vfez" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" }, { "vulnerability": "VCID-w8pj-n7nq-vkgz" }, { "vulnerability": "VCID-ysex-7khf-fqd2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24776", "GHSA-7g53-jj25-jhgr" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgxh-rtbw-rkhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85154?format=api", "vulnerability_id": "VCID-tnra-1j33-n7ht", "summary": "A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31919", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31938", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.3192", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31731", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2895" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/2" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/2#issue-3884919985", "reference_id": "2#issue-3884919985", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/2#issue-3884919985" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://vuldb.com/?ctiid.347206", "reference_id": "?ctiid.347206", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/" } ], "url": "https://vuldb.com/?ctiid.347206" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2895", "reference_id": "CVE-2026-2895", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2895" }, { "reference_url": "https://github.com/advisories/GHSA-fmr2-m7gc-577w", "reference_id": "GHSA-fmr2-m7gc-577w", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fmr2-m7gc-577w" }, { "reference_url": "https://vuldb.com/?id.347206", "reference_id": "?id.347206", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/" } ], "url": "https://vuldb.com/?id.347206" }, { "reference_url": "https://vuldb.com/?submit.753971", "reference_id": "?submit.753971", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/" } ], "url": "https://vuldb.com/?submit.753971" } ], "fixed_packages": [], "aliases": [ "CVE-2026-2895", "GHSA-fmr2-m7gc-577w" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tnra-1j33-n7ht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148805?format=api", "vulnerability_id": "VCID-usjg-rjmn-abgb", "summary": "Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \\member\\Member.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11485", "scoring_system": "epss", "scoring_elements": "0.93801", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.11485", "scoring_system": "epss", "scoring_elements": "0.93803", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.11485", "scoring_system": "epss", "scoring_elements": "0.93776", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.11485", "scoring_system": "epss", "scoring_elements": "0.93796", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24775" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24775", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24775" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T14:53:19Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/9" }, { "reference_url": "https://github.com/advisories/GHSA-v43v-pv95-jc55", "reference_id": "GHSA-v43v-pv95-jc55", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v43v-pv95-jc55" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/617832?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-2c21-4zuk-z3hf" }, { "vulnerability": "VCID-2fjq-u8cu-5qf4" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-eacs-8tcp-1ues" }, { "vulnerability": "VCID-hs3v-jb33-mygx" }, { "vulnerability": "VCID-jhhv-rwws-jbbz" }, { "vulnerability": "VCID-jrrq-33ju-rfa9" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-khmn-nf24-ffdx" }, { "vulnerability": "VCID-mcxx-jcvc-qqfn" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-v68x-ae2m-vfez" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" }, { "vulnerability": "VCID-w8pj-n7nq-vkgz" }, { "vulnerability": "VCID-ysex-7khf-fqd2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24775", "GHSA-v43v-pv95-jc55" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-usjg-rjmn-abgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56375?format=api", "vulnerability_id": "VCID-v68x-ae2m-vfez", "summary": "An issue was found in funadmin 5.0.2. The selectfiles method in \\backend\\controller\\sys\\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37963", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37976", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37786", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37988", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48228" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48228", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48228" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/31", "reference_id": "31", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:02:03Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/31" }, { "reference_url": "https://github.com/advisories/GHSA-j9wp-x5q5-xh2f", "reference_id": "GHSA-j9wp-x5q5-xh2f", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j9wp-x5q5-xh2f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/754277?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48228", "GHSA-j9wp-x5q5-xh2f" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v68x-ae2m-vfez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85210?format=api", "vulnerability_id": "VCID-vtr7-bnqr-uuf4", "summary": "A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16381", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16411", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16399", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16257", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2894" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/1" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/1#issue-3884896592", "reference_id": "1#issue-3884896592", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/1#issue-3884896592" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://vuldb.com/?ctiid.347205", "reference_id": "?ctiid.347205", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/" } ], "url": "https://vuldb.com/?ctiid.347205" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2894", "reference_id": "CVE-2026-2894", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2894" }, { "reference_url": "https://github.com/advisories/GHSA-8hhx-xq9j-xwfj", "reference_id": "GHSA-8hhx-xq9j-xwfj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8hhx-xq9j-xwfj" }, { "reference_url": "https://vuldb.com/?id.347205", "reference_id": "?id.347205", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/" } ], "url": "https://vuldb.com/?id.347205" }, { "reference_url": "https://vuldb.com/?submit.753969", "reference_id": "?submit.753969", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/" } ], "url": "https://vuldb.com/?submit.753969" } ], "fixed_packages": [], "aliases": [ "CVE-2026-2894", "GHSA-8hhx-xq9j-xwfj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vtr7-bnqr-uuf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56158?format=api", "vulnerability_id": "VCID-w8pj-n7nq-vkgz", "summary": "funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \\backend\\controller\\auth\\Auth.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38967", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38981", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38795", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.3899", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48230" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48230", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48230" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/30", "reference_id": "30", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:06:47Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/30" }, { "reference_url": "https://github.com/advisories/GHSA-2mv8-jjm5-f3hr", "reference_id": "GHSA-2mv8-jjm5-f3hr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2mv8-jjm5-f3hr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/754277?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48230", "GHSA-2mv8-jjm5-f3hr" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8pj-n7nq-vkgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56409?format=api", "vulnerability_id": "VCID-ysex-7khf-fqd2", "summary": "Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48218", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40696", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40707", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40529", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.4072", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48218" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48218", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48218" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:44:11Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/21" }, { "reference_url": "https://github.com/advisories/GHSA-h4px-9vmp-p7pv", "reference_id": "GHSA-h4px-9vmp-p7pv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h4px-9vmp-p7pv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/754277?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24ek-5vzy-2fg3" }, { "vulnerability": "VCID-86eu-w8s6-sqdp" }, { "vulnerability": "VCID-k5w7-y4as-m3d7" }, { "vulnerability": "VCID-paun-khn9-w7gw" }, { "vulnerability": "VCID-tnra-1j33-n7ht" }, { "vulnerability": "VCID-vtr7-bnqr-uuf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48218", "GHSA-h4px-9vmp-p7pv" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ysex-7khf-fqd2" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@1.1" }