Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/642102?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/642102?format=api", "purl": "pkg:composer/funadmin/funadmin@2.6.4", "type": "composer", "namespace": "funadmin", "name": "funadmin", "version": "2.6.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50295?format=api", "vulnerability_id": "VCID-14y6-675h-rfex", "summary": "funadmin has Incorrect Privilege Assignment in its Configuration Handler\nA weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14372", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14453", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14488", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14491", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2896" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": 
"cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/3" }, { "reference_url": "https://vuldb.com/?ctiid.347207", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, 
{ "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/" } ], "url": "https://vuldb.com/?ctiid.347207" }, { "reference_url": "https://vuldb.com/?id.347207", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/" } ], "url": "https://vuldb.com/?id.347207" }, { "reference_url": "https://vuldb.com/?submit.753972", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/" } ], "url": "https://vuldb.com/?submit.753972" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/3#issue-3884949083", "reference_id": "3#issue-3884949083", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/3#issue-3884949083" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2896", "reference_id": "CVE-2026-2896", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2896" }, { "reference_url": "https://github.com/advisories/GHSA-5m2g-4cf6-c3rg", "reference_id": "GHSA-5m2g-4cf6-c3rg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5m2g-4cf6-c3rg" } ], "fixed_packages": [], "aliases": [ "CVE-2026-2896", "GHSA-5m2g-4cf6-c3rg" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-14y6-675h-rfex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56078?format=api", "vulnerability_id": "VCID-35ct-q1yb-pybd", "summary": "SQL injection in funadmin\nFunadmin v5.0.2 has a SQL injection vulnerability in `/curd/table/fieldlist`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48223", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40516", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40461", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40491", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00188", "scoring_system": 
"epss", "scoring_elements": "0.40518", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48223" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:46:40Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/23" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48223", "reference_id": "CVE-2024-48223", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48223" }, { "reference_url": "https://github.com/advisories/GHSA-x2fr-vj74-5h35", "reference_id": "GHSA-x2fr-vj74-5h35", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-x2fr-vj74-5h35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/775504?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-h19b-rapd-zyda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48223", "GHSA-x2fr-vj74-5h35" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-35ct-q1yb-pybd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44629?format=api", "vulnerability_id": "VCID-38zb-ggdz-nfcg", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50426", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50407", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50468", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50476", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50456", "published_at": "2026-06-07T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2023-24773" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T18:46:07Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24773", "reference_id": "CVE-2023-24773", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24773" }, { "reference_url": "https://github.com/advisories/GHSA-m8wf-wmwh-jw2m", "reference_id": "GHSA-m8wf-wmwh-jw2m", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m8wf-wmwh-jw2m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/642108?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-35ct-q1yb-pybd" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": 
"VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-bu27-6n4r-j7bf" }, { "vulnerability": "VCID-fewy-6yp9-8ue1" }, { "vulnerability": "VCID-fqy9-sahj-abd7" }, { "vulnerability": "VCID-h19b-rapd-zyda" }, { "vulnerability": "VCID-jvdn-x41a-quh3" }, { "vulnerability": "VCID-sgfb-bshy-x3dz" }, { "vulnerability": "VCID-sr6g-h6c6-yudy" }, { "vulnerability": "VCID-t11u-bkvq-6fh4" }, { "vulnerability": "VCID-tcz1-xmbs-3bhd" }, { "vulnerability": "VCID-y5b7-e9fx-1ubm" }, { "vulnerability": "VCID-zuqp-dewf-pfew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24773", "GHSA-m8wf-wmwh-jw2m" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-38zb-ggdz-nfcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95627?format=api", "vulnerability_id": "VCID-4fg7-a2ep-hbaf", "summary": "Funadmin has an Improper Access Control Issue\nA flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 59. 
To fix this issue, it is recommended to deploy a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20319", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20214", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.2028", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20328", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7733" }, { "reference_url": "https://gitee.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitee.com/funadmin/funadmin" }, { "reference_url": "https://gitee.com/funadmin/funadmin/issues/IJ8NXT", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/" } ], "url": "https://gitee.com/funadmin/funadmin/issues/IJ8NXT" }, { "reference_url": "https://gitee.com/funadmin/funadmin/pulls/59", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/" } ], "url": "https://gitee.com/funadmin/funadmin/pulls/59" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7733", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7733" }, { "reference_url": "https://vuldb.com/submit/807559", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/" } ], "url": "https://vuldb.com/submit/807559" }, { "reference_url": "https://vuldb.com/vuln/360908", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": 
"cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/" } ], "url": "https://vuldb.com/vuln/360908" }, { "reference_url": "https://vuldb.com/vuln/360908/cti", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/" } ], "url": "https://vuldb.com/vuln/360908/cti" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://gitee.com/funadmin/funadmin/", "reference_id": "funadmin", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/" } ], "url": "https://gitee.com/funadmin/funadmin/" }, { "reference_url": "https://github.com/advisories/GHSA-qhh7-263p-54r3", "reference_id": "GHSA-qhh7-263p-54r3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qhh7-263p-54r3" } ], "fixed_packages": [], "aliases": [ "CVE-2026-7733", "GHSA-qhh7-263p-54r3" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4fg7-a2ep-hbaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44602?format=api", "vulnerability_id": "VCID-5am8-jn6b-jkbw", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nFunadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \\controller\\Addon.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24776", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"0.02427", "scoring_system": "epss", "scoring_elements": "0.85429", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.8542", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85444", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85449", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24776" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:24:45Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24776", "reference_id": "CVE-2023-24776", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24776" }, { "reference_url": "https://github.com/advisories/GHSA-7g53-jj25-jhgr", "reference_id": "GHSA-7g53-jj25-jhgr", "reference_type": "", "scores": [ { "value": "CRITICAL", 
"scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7g53-jj25-jhgr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/642108?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-35ct-q1yb-pybd" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-bu27-6n4r-j7bf" }, { "vulnerability": "VCID-fewy-6yp9-8ue1" }, { "vulnerability": "VCID-fqy9-sahj-abd7" }, { "vulnerability": "VCID-h19b-rapd-zyda" }, { "vulnerability": "VCID-jvdn-x41a-quh3" }, { "vulnerability": "VCID-sgfb-bshy-x3dz" }, { "vulnerability": "VCID-sr6g-h6c6-yudy" }, { "vulnerability": "VCID-t11u-bkvq-6fh4" }, { "vulnerability": "VCID-tcz1-xmbs-3bhd" }, { "vulnerability": "VCID-y5b7-e9fx-1ubm" }, { "vulnerability": "VCID-zuqp-dewf-pfew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24776", "GHSA-7g53-jj25-jhgr" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5am8-jn6b-jkbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50293?format=api", "vulnerability_id": "VCID-6ex5-r7ck-nkgu", "summary": "funadmin exposes sensitive information via getMember function\nA vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might be used. 
The vendor was contacted early about this disclosure but did not respond in any way.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16286", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16151", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16234", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16276", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2894" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/1" }, { "reference_url": "https://vuldb.com/?ctiid.347205", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/" } ], "url": "https://vuldb.com/?ctiid.347205" }, { "reference_url": "https://vuldb.com/?id.347205", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.3", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/" } ], "url": "https://vuldb.com/?id.347205" }, { "reference_url": "https://vuldb.com/?submit.753969", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/" } ], "url": "https://vuldb.com/?submit.753969" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/1#issue-3884896592", 
"reference_id": "1#issue-3884896592", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/1#issue-3884896592" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2894", "reference_id": "CVE-2026-2894", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2894" }, { "reference_url": "https://github.com/advisories/GHSA-8hhx-xq9j-xwfj", "reference_id": "GHSA-8hhx-xq9j-xwfj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-8hhx-xq9j-xwfj" } ], "fixed_packages": [], "aliases": [ "CVE-2026-2894", "GHSA-8hhx-xq9j-xwfj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ex5-r7ck-nkgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44632?format=api", "vulnerability_id": "VCID-7ewc-fnrn-9qbc", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67417", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67388", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67369", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67405", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.6741", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24780" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T17:41:37Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/6" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2023-24780", "reference_id": "CVE-2023-24780", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24780" }, { "reference_url": "https://github.com/advisories/GHSA-7pmh-8qjj-4q36", "reference_id": "GHSA-7pmh-8qjj-4q36", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7pmh-8qjj-4q36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/642108?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-35ct-q1yb-pybd" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-bu27-6n4r-j7bf" }, { "vulnerability": "VCID-fewy-6yp9-8ue1" }, { "vulnerability": "VCID-fqy9-sahj-abd7" }, { "vulnerability": "VCID-h19b-rapd-zyda" }, { "vulnerability": "VCID-jvdn-x41a-quh3" }, { "vulnerability": "VCID-sgfb-bshy-x3dz" }, { "vulnerability": "VCID-sr6g-h6c6-yudy" }, { "vulnerability": "VCID-t11u-bkvq-6fh4" }, { "vulnerability": "VCID-tcz1-xmbs-3bhd" }, { "vulnerability": "VCID-y5b7-e9fx-1ubm" }, { "vulnerability": "VCID-zuqp-dewf-pfew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24780", "GHSA-7pmh-8qjj-4q36" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ewc-fnrn-9qbc" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/50296?format=api", "vulnerability_id": "VCID-b9k4-kuhe-sug9", "summary": "funadmin: XSS through Value argument in Backend Interface component\nA security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12944", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12822", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12908", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12947", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2897" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", 
"scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "2.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/4" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/4#issue-3890421022", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "2.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": 
"" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/4#issue-3890421022" }, { "reference_url": "https://vuldb.com/?ctiid.347208", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "2.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/" } ], "url": "https://vuldb.com/?ctiid.347208" }, { "reference_url": "https://vuldb.com/?id.347208", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "2.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "1.9", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/" } ], "url": "https://vuldb.com/?id.347208" }, { "reference_url": "https://vuldb.com/?submit.753975", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "2.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/" } ], "url": "https://vuldb.com/?submit.753975" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2897", "reference_id": "CVE-2026-2897", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2897" }, { "reference_url": "https://github.com/advisories/GHSA-rfh7-7v27-6p9r", "reference_id": "GHSA-rfh7-7v27-6p9r", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rfh7-7v27-6p9r" } ], "fixed_packages": [], "aliases": [ "CVE-2026-2897", "GHSA-rfh7-7v27-6p9r" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b9k4-kuhe-sug9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50294?format=api", "vulnerability_id": "VCID-bhzu-quhs-c3dh", "summary": "funadmin has Weak Password Recovery Mechanism for Forgotten Password\nA security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. 
The vendor was contacted early about this disclosure but did not respond in any way.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31769", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31664", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31697", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31735", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2895" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/2" }, { "reference_url": "https://vuldb.com/?ctiid.347206", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/" } ], "url": "https://vuldb.com/?ctiid.347206" }, { "reference_url": "https://vuldb.com/?id.347206", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "3.7", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/" } ], "url": "https://vuldb.com/?id.347206" }, { "reference_url": "https://vuldb.com/?submit.753971", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/" } ], "url": "https://vuldb.com/?submit.753971" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/2#issue-3884919985", "reference_id": "2#issue-3884919985", 
"reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/2#issue-3884919985" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2895", "reference_id": "CVE-2026-2895", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2895" }, { "reference_url": "https://github.com/advisories/GHSA-fmr2-m7gc-577w", "reference_id": "GHSA-fmr2-m7gc-577w", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fmr2-m7gc-577w" } ], "fixed_packages": [], "aliases": [ 
"CVE-2026-2895", "GHSA-fmr2-m7gc-577w" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhzu-quhs-c3dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56085?format=api", "vulnerability_id": "VCID-bu27-6n4r-j7bf", "summary": "Funadmin Cross-site Scripting vulnerability\nAn issue was found in funadmin 5.0.2. The selectfiles method in `\\backend\\controller\\sys\\Attachh.php` directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37726", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37764", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37794", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37791", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48228" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/31", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:02:03Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/31" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48228", "reference_id": "CVE-2024-48228", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48228" }, { "reference_url": "https://github.com/advisories/GHSA-j9wp-x5q5-xh2f", "reference_id": "GHSA-j9wp-x5q5-xh2f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j9wp-x5q5-xh2f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/775504?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-h19b-rapd-zyda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48228", "GHSA-j9wp-x5q5-xh2f" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-bu27-6n4r-j7bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56079?format=api", "vulnerability_id": "VCID-fewy-6yp9-8ue1", "summary": "SQL injection in funadmin\nfunadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32501", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32399", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.3243", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32469", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48229" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/28", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { 
"value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:08:28Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/28" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48229", "reference_id": "CVE-2024-48229", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48229" }, { "reference_url": "https://github.com/advisories/GHSA-h345-r48x-g68f", "reference_id": "GHSA-h345-r48x-g68f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h345-r48x-g68f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/775504?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-h19b-rapd-zyda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48229", "GHSA-h345-r48x-g68f" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fewy-6yp9-8ue1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56073?format=api", "vulnerability_id": "VCID-fqy9-sahj-abd7", "summary": "SQL injection in funadmin\nFunadmin v5.0.2 has a SQL injection vulnerability in `/curd/table/edit`.", "references": [ { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2024-48222", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40516", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40461", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40491", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40518", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48222" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/22", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:45:28Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/22" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48222", "reference_id": "CVE-2024-48222", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48222" }, { "reference_url": "https://github.com/advisories/GHSA-5g66-93qv-565j", "reference_id": "GHSA-5g66-93qv-565j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5g66-93qv-565j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/775504?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-h19b-rapd-zyda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48222", "GHSA-5g66-93qv-565j" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fqy9-sahj-abd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50292?format=api", "vulnerability_id": "VCID-h19b-rapd-zyda", "summary": "funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function\nA vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloud_account results in deserialization. The attack may be performed from remote. The exploit is now public and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11235", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11114", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11194", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11228", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2898" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/5" }, { "reference_url": "https://github.com/I4m6da/CVE/issues/5#issue-3890444166", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/" } ], "url": "https://github.com/I4m6da/CVE/issues/5#issue-3890444166" }, { "reference_url": "https://vuldb.com/?ctiid.347209", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/" } ], "url": "https://vuldb.com/?ctiid.347209" }, { "reference_url": "https://vuldb.com/?id.347209", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/" } ], "url": "https://vuldb.com/?id.347209" }, { "reference_url": 
"https://vuldb.com/?submit.753976", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/" } ], "url": "https://vuldb.com/?submit.753976" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2898", "reference_id": "CVE-2026-2898", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-2898" }, { "reference_url": "https://github.com/advisories/GHSA-gcxp-xg77-798j", "reference_id": "GHSA-gcxp-xg77-798j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gcxp-xg77-798j" } ], "fixed_packages": [], "aliases": [ "CVE-2026-2898", "GHSA-gcxp-xg77-798j" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h19b-rapd-zyda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56077?format=api", "vulnerability_id": "VCID-jvdn-x41a-quh3", "summary": "SQL injection in funadmin\nFunadmin 5.0.2 is vulnerable to SQL Injection in `curd/table/savefield`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32501", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32399", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.3243", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32469", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48226" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/26", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:16:04Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/26" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48226", "reference_id": "CVE-2024-48226", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48226" }, { "reference_url": "https://github.com/advisories/GHSA-9gw3-qr2f-3vg5", "reference_id": "GHSA-9gw3-qr2f-3vg5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9gw3-qr2f-3vg5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/775504?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-h19b-rapd-zyda" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48226", "GHSA-9gw3-qr2f-3vg5" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvdn-x41a-quh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44649?format=api", "vulnerability_id": "VCID-mczj-gm74-ubdn", "summary": "Funadmin vulnerable to SQL injection\nFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \\controller\\auth\\Auth.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01272", "scoring_system": "epss", "scoring_elements": "0.79876", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01272", "scoring_system": "epss", "scoring_elements": "0.79862", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01272", "scoring_system": "epss", "scoring_elements": "0.79887", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01272", "scoring_system": "epss", "scoring_elements": "0.79892", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24774" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-28T15:23:33Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/12" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24774", "reference_id": "CVE-2023-24774", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24774" }, { "reference_url": "https://github.com/advisories/GHSA-jx2x-fg9p-7gc7", "reference_id": "GHSA-jx2x-fg9p-7gc7", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jx2x-fg9p-7gc7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/642108?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-35ct-q1yb-pybd" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-bu27-6n4r-j7bf" }, { "vulnerability": "VCID-fewy-6yp9-8ue1" }, { "vulnerability": "VCID-fqy9-sahj-abd7" }, { "vulnerability": "VCID-h19b-rapd-zyda" }, { "vulnerability": "VCID-jvdn-x41a-quh3" }, { "vulnerability": "VCID-sgfb-bshy-x3dz" }, { "vulnerability": "VCID-sr6g-h6c6-yudy" }, { "vulnerability": "VCID-t11u-bkvq-6fh4" }, { "vulnerability": "VCID-tcz1-xmbs-3bhd" }, { "vulnerability": "VCID-y5b7-e9fx-1ubm" }, { "vulnerability": "VCID-zuqp-dewf-pfew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24774", 
"GHSA-jx2x-fg9p-7gc7" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mczj-gm74-ubdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44620?format=api", "vulnerability_id": "VCID-qf1y-1mk4-7ugv", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \\member\\MemberLevel.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.5077", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50719", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50703", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.5075", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50764", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24781" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T17:42:51Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24781", "reference_id": "CVE-2023-24781", "reference_type": 
"", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24781" }, { "reference_url": "https://github.com/advisories/GHSA-vhrv-9f9g-rfrx", "reference_id": "GHSA-vhrv-9f9g-rfrx", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vhrv-9f9g-rfrx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/642108?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-35ct-q1yb-pybd" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-bu27-6n4r-j7bf" }, { "vulnerability": "VCID-fewy-6yp9-8ue1" }, { "vulnerability": "VCID-fqy9-sahj-abd7" }, { "vulnerability": "VCID-h19b-rapd-zyda" }, { "vulnerability": "VCID-jvdn-x41a-quh3" }, { "vulnerability": "VCID-sgfb-bshy-x3dz" }, { "vulnerability": "VCID-sr6g-h6c6-yudy" }, { "vulnerability": "VCID-t11u-bkvq-6fh4" }, { "vulnerability": "VCID-tcz1-xmbs-3bhd" }, { "vulnerability": "VCID-y5b7-e9fx-1ubm" }, { "vulnerability": "VCID-zuqp-dewf-pfew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24781", "GHSA-vhrv-9f9g-rfrx" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qf1y-1mk4-7ugv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56075?format=api", "vulnerability_id": "VCID-sgfb-bshy-x3dz", "summary": "SQL injection in 
funadmin\nfunadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of `\\backend\\controller\\auth\\Auth.php`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38734", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38762", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.3879", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38786", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48230" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/30", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:06:47Z/" } ], "url": 
"https://github.com/funadmin/funadmin/issues/30" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48230", "reference_id": "CVE-2024-48230", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48230" }, { "reference_url": "https://github.com/advisories/GHSA-2mv8-jjm5-f3hr", "reference_id": "GHSA-2mv8-jjm5-f3hr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2mv8-jjm5-f3hr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/775504?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-h19b-rapd-zyda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48230", "GHSA-2mv8-jjm5-f3hr" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgfb-bshy-x3dz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56080?format=api", "vulnerability_id": "VCID-sr6g-h6c6-yudy", "summary": "Arbitrary file read in funadmin\nFunadmin v5.0.2 has an arbitrary file read vulnerability in `/curd/index/editfile`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48224", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"0.00184", "scoring_system": "epss", "scoring_elements": "0.39957", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39905", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39932", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.3996", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48224" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/24", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T17:52:45Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/24" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48224", "reference_id": "CVE-2024-48224", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48224" }, { "reference_url": "https://github.com/advisories/GHSA-6j8f-88mh-r9vq", "reference_id": "GHSA-6j8f-88mh-r9vq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6j8f-88mh-r9vq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/775504?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-h19b-rapd-zyda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48224", "GHSA-6j8f-88mh-r9vq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sr6g-h6c6-yudy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56074?format=api", "vulnerability_id": "VCID-t11u-bkvq-6fh4", "summary": "Logic flaw in Funadmin\nFunadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25265", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25141", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25199", 
"published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25249", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48227" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/27", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:11:11Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/27" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48227", "reference_id": "CVE-2024-48227", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48227" }, { "reference_url": "https://github.com/advisories/GHSA-r9v5-q97m-rj5g", 
"reference_id": "GHSA-r9v5-q97m-rj5g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r9v5-q97m-rj5g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/775504?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-h19b-rapd-zyda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48227", "GHSA-r9v5-q97m-rj5g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t11u-bkvq-6fh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56041?format=api", "vulnerability_id": "VCID-tcz1-xmbs-3bhd", "summary": "SQL injection in funadmin\nFunadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \\app\\backend\\controller\\auth\\Auth.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34293", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34233", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34274", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34308", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48231" }, { "reference_url": "https://github.com/funadmin/funadmin", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/29", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-21T18:39:17Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/29" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48231", "reference_id": "CVE-2024-48231", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48231" }, { "reference_url": "https://github.com/advisories/GHSA-7pp4-388x-2xqj", "reference_id": "GHSA-7pp4-388x-2xqj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7pp4-388x-2xqj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/775504?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": 
true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-h19b-rapd-zyda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48231", "GHSA-7pp4-388x-2xqj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tcz1-xmbs-3bhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44633?format=api", "vulnerability_id": "VCID-ttgh-zgrs-z7ac", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48232", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48212", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48275", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48279", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.4826", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24777" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T18:43:26Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24777", "reference_id": "CVE-2023-24777", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24777" }, { "reference_url": "https://github.com/advisories/GHSA-pvp6-53r9-8vxh", "reference_id": "GHSA-pvp6-53r9-8vxh", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pvp6-53r9-8vxh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/642108?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-35ct-q1yb-pybd" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-bu27-6n4r-j7bf" }, { "vulnerability": "VCID-fewy-6yp9-8ue1" }, { "vulnerability": "VCID-fqy9-sahj-abd7" }, { 
"vulnerability": "VCID-h19b-rapd-zyda" }, { "vulnerability": "VCID-jvdn-x41a-quh3" }, { "vulnerability": "VCID-sgfb-bshy-x3dz" }, { "vulnerability": "VCID-sr6g-h6c6-yudy" }, { "vulnerability": "VCID-t11u-bkvq-6fh4" }, { "vulnerability": "VCID-tcz1-xmbs-3bhd" }, { "vulnerability": "VCID-y5b7-e9fx-1ubm" }, { "vulnerability": "VCID-zuqp-dewf-pfew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24777", "GHSA-pvp6-53r9-8vxh" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttgh-zgrs-z7ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44627?format=api", "vulnerability_id": "VCID-v9gy-vmmn-bkd7", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24782", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.5077", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50719", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50703", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.5075", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50764", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24782" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T18:36:40Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24782", "reference_id": "CVE-2023-24782", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24782" }, { "reference_url": "https://github.com/advisories/GHSA-qhq8-2f3m-gxvp", "reference_id": "GHSA-qhq8-2f3m-gxvp", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qhq8-2f3m-gxvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/642108?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-35ct-q1yb-pybd" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-bu27-6n4r-j7bf" }, { "vulnerability": "VCID-fewy-6yp9-8ue1" }, { "vulnerability": "VCID-fqy9-sahj-abd7" }, { "vulnerability": "VCID-h19b-rapd-zyda" }, { "vulnerability": "VCID-jvdn-x41a-quh3" }, { "vulnerability": "VCID-sgfb-bshy-x3dz" }, { "vulnerability": "VCID-sr6g-h6c6-yudy" }, { "vulnerability": "VCID-t11u-bkvq-6fh4" }, { "vulnerability": "VCID-tcz1-xmbs-3bhd" }, { "vulnerability": "VCID-y5b7-e9fx-1ubm" }, { "vulnerability": "VCID-zuqp-dewf-pfew" 
} ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24782", "GHSA-qhq8-2f3m-gxvp" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v9gy-vmmn-bkd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56082?format=api", "vulnerability_id": "VCID-y5b7-e9fx-1ubm", "summary": "SQL injection in funadmin\nFunadmin v5.0.2 has a SQL injection vulnerability in `/curd/table/list`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48218", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40516", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40461", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40491", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40518", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48218" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:44:11Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/21" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48218", "reference_id": "CVE-2024-48218", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48218" }, { "reference_url": "https://github.com/advisories/GHSA-h4px-9vmp-p7pv", "reference_id": "GHSA-h4px-9vmp-p7pv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h4px-9vmp-p7pv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/775504?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-h19b-rapd-zyda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48218", "GHSA-h4px-9vmp-p7pv" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y5b7-e9fx-1ubm" }, { 
"url": "http://public2.vulnerablecode.io/api/vulnerabilities/56083?format=api", "vulnerability_id": "VCID-zuqp-dewf-pfew", "summary": "Arbitrary file deletion in funadmin\nFunadmin v5.0.2 has an arbitrary file deletion vulnerability in `/curd/index/delfile`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32348", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32249", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32279", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32317", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48225" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/25", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:18:25Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/25" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48225", "reference_id": "CVE-2024-48225", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48225" }, { "reference_url": "https://github.com/advisories/GHSA-vw6x-c5rg-jmjp", "reference_id": "GHSA-vw6x-c5rg-jmjp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vw6x-c5rg-jmjp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/775504?format=api", "purl": "pkg:composer/funadmin/funadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-h19b-rapd-zyda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3" } ], "aliases": [ "CVE-2024-48225", "GHSA-vw6x-c5rg-jmjp" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zuqp-dewf-pfew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44617?format=api", "vulnerability_id": "VCID-zzdd-fpz6-efgy", "summary": "SQL Injection in Funadmin\nFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \\member\\Member.php.", "references": [ { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2023-24775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11485", "scoring_system": "epss", "scoring_elements": "0.93755", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.11485", "scoring_system": "epss", "scoring_elements": "0.93747", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11485", "scoring_system": "epss", "scoring_elements": "0.93757", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.11485", "scoring_system": "epss", "scoring_elements": "0.93756", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24775" }, { "reference_url": "https://github.com/funadmin/funadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/funadmin/funadmin" }, { "reference_url": "https://github.com/funadmin/funadmin/issues/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T14:53:19Z/" } ], "url": "https://github.com/funadmin/funadmin/issues/9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24775", "reference_id": "CVE-2023-24775", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24775" }, { "reference_url": 
"https://github.com/advisories/GHSA-v43v-pv95-jc55", "reference_id": "GHSA-v43v-pv95-jc55", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v43v-pv95-jc55" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/642108?format=api", "purl": "pkg:composer/funadmin/funadmin@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14y6-675h-rfex" }, { "vulnerability": "VCID-35ct-q1yb-pybd" }, { "vulnerability": "VCID-4fg7-a2ep-hbaf" }, { "vulnerability": "VCID-6ex5-r7ck-nkgu" }, { "vulnerability": "VCID-b9k4-kuhe-sug9" }, { "vulnerability": "VCID-bhzu-quhs-c3dh" }, { "vulnerability": "VCID-bu27-6n4r-j7bf" }, { "vulnerability": "VCID-fewy-6yp9-8ue1" }, { "vulnerability": "VCID-fqy9-sahj-abd7" }, { "vulnerability": "VCID-h19b-rapd-zyda" }, { "vulnerability": "VCID-jvdn-x41a-quh3" }, { "vulnerability": "VCID-sgfb-bshy-x3dz" }, { "vulnerability": "VCID-sr6g-h6c6-yudy" }, { "vulnerability": "VCID-t11u-bkvq-6fh4" }, { "vulnerability": "VCID-tcz1-xmbs-3bhd" }, { "vulnerability": "VCID-y5b7-e9fx-1ubm" }, { "vulnerability": "VCID-zuqp-dewf-pfew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1" } ], "aliases": [ "CVE-2023-24775", "GHSA-v43v-pv95-jc55" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zzdd-fpz6-efgy" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@2.6.4" }