Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/funadmin/funadmin@3.2.0

Type composer

Namespace funadmin

Name funadmin

Version 3.2.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-14y6-675h-rfex

vulnerability_id

VCID-14y6-675h-rfex

summary

funadmin has Incorrect Privilege Assignment in its Configuration Handler
A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2896

reference_id

reference_type

scores

value	0.00046
scoring_system	epss
scoring_elements	0.14488
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2896

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/I4m6da/CVE/issues/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/

url

https://github.com/I4m6da/CVE/issues/3

reference_url

https://vuldb.com/?ctiid.347207

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/

url

https://vuldb.com/?ctiid.347207

reference_url

https://vuldb.com/?id.347207

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/

url

https://vuldb.com/?id.347207

reference_url

https://vuldb.com/?submit.753972

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/

url

https://vuldb.com/?submit.753972

reference_url

https://github.com/I4m6da/CVE/issues/3#issue-3884949083

reference_id

3#issue-3884949083

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/

url

https://github.com/I4m6da/CVE/issues/3#issue-3884949083

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::
reference_id	cpe:2.3:a:funadmin:funadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2896

reference_id

CVE-2026-2896

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2896

reference_url

https://github.com/advisories/GHSA-5m2g-4cf6-c3rg

reference_id

GHSA-5m2g-4cf6-c3rg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5m2g-4cf6-c3rg

fixed_packages

aliases

CVE-2026-2896, GHSA-5m2g-4cf6-c3rg

risk_score

3.3

exploitability

0.5

weighted_severity

6.6

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-14y6-675h-rfex

url VCID-35ct-q1yb-pybd

vulnerability_id VCID-35ct-q1yb-pybd

summary

SQL injection in funadmin
Funadmin v5.0.2 has a SQL injection vulnerability in `/curd/table/fieldlist`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48223

reference_id

reference_type

scores

value	0.00188
scoring_system	epss
scoring_elements	0.40516
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48223

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/23

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:46:40Z/

url

https://github.com/funadmin/funadmin/issues/23

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48223

reference_id

CVE-2024-48223

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48223

reference_url	https://github.com/advisories/GHSA-x2fr-vj74-5h35
reference_id	GHSA-x2fr-vj74-5h35
reference_type
scores
url	https://github.com/advisories/GHSA-x2fr-vj74-5h35

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-h19b-rapd-zyda

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48223, GHSA-x2fr-vj74-5h35

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35ct-q1yb-pybd

url VCID-38zb-ggdz-nfcg

vulnerability_id VCID-38zb-ggdz-nfcg

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24773

reference_id

reference_type

scores

value	0.00268
scoring_system	epss
scoring_elements	0.50407
published_at	2026-06-04T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50468
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24773

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/4

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T18:46:07Z/

url

https://github.com/funadmin/funadmin/issues/4

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24773

reference_id

CVE-2023-24773

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24773

reference_url	https://github.com/advisories/GHSA-m8wf-wmwh-jw2m
reference_id	GHSA-m8wf-wmwh-jw2m
reference_type
scores
url	https://github.com/advisories/GHSA-m8wf-wmwh-jw2m

fixed_packages

url pkg:composer/funadmin/funadmin@3.2.1

purl pkg:composer/funadmin/funadmin@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-35ct-q1yb-pybd

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-bu27-6n4r-j7bf

vulnerability	VCID-fewy-6yp9-8ue1

vulnerability	VCID-fqy9-sahj-abd7

vulnerability	VCID-h19b-rapd-zyda

vulnerability	VCID-jvdn-x41a-quh3

vulnerability	VCID-sgfb-bshy-x3dz

vulnerability	VCID-sr6g-h6c6-yudy

vulnerability	VCID-t11u-bkvq-6fh4

vulnerability	VCID-tcz1-xmbs-3bhd

vulnerability	VCID-y5b7-e9fx-1ubm

vulnerability	VCID-zuqp-dewf-pfew

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1

aliases CVE-2023-24773, GHSA-m8wf-wmwh-jw2m

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-38zb-ggdz-nfcg

url VCID-4fg7-a2ep-hbaf

vulnerability_id VCID-4fg7-a2ep-hbaf

summary

Funadmin has an Improper Access Control Issue
A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 59. To fix this issue, it is recommended to deploy a patch.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-7733

reference_id

reference_type

scores

value	0.00065
scoring_system	epss
scoring_elements	0.20328
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-7733

reference_url

https://gitee.com/funadmin/funadmin

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gitee.com/funadmin/funadmin

reference_url

https://gitee.com/funadmin/funadmin/issues/IJ8NXT

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/

url

https://gitee.com/funadmin/funadmin/issues/IJ8NXT

reference_url

https://gitee.com/funadmin/funadmin/pulls/59

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/

url

https://gitee.com/funadmin/funadmin/pulls/59

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-7733

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-7733

reference_url

https://vuldb.com/submit/807559

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/

url

https://vuldb.com/submit/807559

reference_url

https://vuldb.com/vuln/360908

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/

url

https://vuldb.com/vuln/360908

reference_url

https://vuldb.com/vuln/360908/cti

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/

url

https://vuldb.com/vuln/360908/cti

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::
reference_id	cpe:2.3:a:funadmin:funadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::

reference_url

https://gitee.com/funadmin/funadmin/

reference_id

funadmin

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/

url

https://gitee.com/funadmin/funadmin/

reference_url	https://github.com/advisories/GHSA-qhh7-263p-54r3
reference_id	GHSA-qhh7-263p-54r3
reference_type
scores
url	https://github.com/advisories/GHSA-qhh7-263p-54r3

fixed_packages

aliases CVE-2026-7733, GHSA-qhh7-263p-54r3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4fg7-a2ep-hbaf

url VCID-5am8-jn6b-jkbw

vulnerability_id VCID-5am8-jn6b-jkbw

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24776

reference_id

reference_type

scores

value	0.02427
scoring_system	epss
scoring_elements	0.8542
published_at	2026-06-04T12:55:00Z

value	0.02427
scoring_system	epss
scoring_elements	0.85444
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24776

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:24:45Z/

url

https://github.com/funadmin/funadmin/issues/7

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24776

reference_id

CVE-2023-24776

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24776

reference_url	https://github.com/advisories/GHSA-7g53-jj25-jhgr
reference_id	GHSA-7g53-jj25-jhgr
reference_type
scores
url	https://github.com/advisories/GHSA-7g53-jj25-jhgr

fixed_packages

url pkg:composer/funadmin/funadmin@3.2.1

purl pkg:composer/funadmin/funadmin@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-35ct-q1yb-pybd

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-bu27-6n4r-j7bf

vulnerability	VCID-fewy-6yp9-8ue1

vulnerability	VCID-fqy9-sahj-abd7

vulnerability	VCID-h19b-rapd-zyda

vulnerability	VCID-jvdn-x41a-quh3

vulnerability	VCID-sgfb-bshy-x3dz

vulnerability	VCID-sr6g-h6c6-yudy

vulnerability	VCID-t11u-bkvq-6fh4

vulnerability	VCID-tcz1-xmbs-3bhd

vulnerability	VCID-y5b7-e9fx-1ubm

vulnerability	VCID-zuqp-dewf-pfew

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1

aliases CVE-2023-24776, GHSA-7g53-jj25-jhgr

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5am8-jn6b-jkbw

url

VCID-6ex5-r7ck-nkgu

vulnerability_id

VCID-6ex5-r7ck-nkgu

summary

funadmin exposes sensitive information via getMember function
A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2894

reference_id

reference_type

scores

value	0.00051
scoring_system	epss
scoring_elements	0.16286
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2894

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/I4m6da/CVE/issues/1

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/

url

https://github.com/I4m6da/CVE/issues/1

reference_url

https://vuldb.com/?ctiid.347205

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/

url

https://vuldb.com/?ctiid.347205

reference_url

https://vuldb.com/?id.347205

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/

url

https://vuldb.com/?id.347205

reference_url

https://vuldb.com/?submit.753969

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/

url

https://vuldb.com/?submit.753969

reference_url

https://github.com/I4m6da/CVE/issues/1#issue-3884896592

reference_id

1#issue-3884896592

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/

url

https://github.com/I4m6da/CVE/issues/1#issue-3884896592

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::
reference_id	cpe:2.3:a:funadmin:funadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2894

reference_id

CVE-2026-2894

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2894

reference_url

https://github.com/advisories/GHSA-8hhx-xq9j-xwfj

reference_id

GHSA-8hhx-xq9j-xwfj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8hhx-xq9j-xwfj

fixed_packages

aliases

CVE-2026-2894, GHSA-8hhx-xq9j-xwfj

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-6ex5-r7ck-nkgu

url VCID-7ewc-fnrn-9qbc

vulnerability_id VCID-7ewc-fnrn-9qbc

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24780

reference_id

reference_type

scores

value	0.00526
scoring_system	epss
scoring_elements	0.67369
published_at	2026-06-04T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.6741
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24780

reference_url

https://github.com/funadmin/funadmin/issues/6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T17:41:37Z/

url

https://github.com/funadmin/funadmin/issues/6

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24780

reference_id

CVE-2023-24780

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24780

reference_url	https://github.com/advisories/GHSA-7pmh-8qjj-4q36
reference_id	GHSA-7pmh-8qjj-4q36
reference_type
scores
url	https://github.com/advisories/GHSA-7pmh-8qjj-4q36

fixed_packages

url pkg:composer/funadmin/funadmin@3.2.1

purl pkg:composer/funadmin/funadmin@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-35ct-q1yb-pybd

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-bu27-6n4r-j7bf

vulnerability	VCID-fewy-6yp9-8ue1

vulnerability	VCID-fqy9-sahj-abd7

vulnerability	VCID-h19b-rapd-zyda

vulnerability	VCID-jvdn-x41a-quh3

vulnerability	VCID-sgfb-bshy-x3dz

vulnerability	VCID-sr6g-h6c6-yudy

vulnerability	VCID-t11u-bkvq-6fh4

vulnerability	VCID-tcz1-xmbs-3bhd

vulnerability	VCID-y5b7-e9fx-1ubm

vulnerability	VCID-zuqp-dewf-pfew

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1

aliases CVE-2023-24780, GHSA-7pmh-8qjj-4q36

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ewc-fnrn-9qbc

url

VCID-b9k4-kuhe-sug9

vulnerability_id

VCID-b9k4-kuhe-sug9

summary

funadmin: XSS through Value argument in Backend Interface component
A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2897

reference_id

reference_type

scores

value	0.00041
scoring_system	epss
scoring_elements	0.12944
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2897

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/I4m6da/CVE/issues/4

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/

url

https://github.com/I4m6da/CVE/issues/4

reference_url

https://github.com/I4m6da/CVE/issues/4#issue-3890421022

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/

url

https://github.com/I4m6da/CVE/issues/4#issue-3890421022

reference_url

https://vuldb.com/?ctiid.347208

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/

url

https://vuldb.com/?ctiid.347208

reference_url

https://vuldb.com/?id.347208

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/

url

https://vuldb.com/?id.347208

reference_url

https://vuldb.com/?submit.753975

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/

url

https://vuldb.com/?submit.753975

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::
reference_id	cpe:2.3:a:funadmin:funadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2897

reference_id

CVE-2026-2897

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2897

reference_url

https://github.com/advisories/GHSA-rfh7-7v27-6p9r

reference_id

GHSA-rfh7-7v27-6p9r

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rfh7-7v27-6p9r

fixed_packages

aliases

CVE-2026-2897, GHSA-rfh7-7v27-6p9r

risk_score

1.4

exploitability

0.5

weighted_severity

2.7

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-b9k4-kuhe-sug9

url

VCID-bhzu-quhs-c3dh

vulnerability_id

VCID-bhzu-quhs-c3dh

summary

funadmin has Weak Password Recovery Mechanism for Forgotten Password
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2895

reference_id

reference_type

scores

value	0.00128
scoring_system	epss
scoring_elements	0.31769
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2895

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/I4m6da/CVE/issues/2

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/

url

https://github.com/I4m6da/CVE/issues/2

reference_url

https://vuldb.com/?ctiid.347206

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/

url

https://vuldb.com/?ctiid.347206

reference_url

https://vuldb.com/?id.347206

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/

url

https://vuldb.com/?id.347206

reference_url

https://vuldb.com/?submit.753971

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/

url

https://vuldb.com/?submit.753971

reference_url

https://github.com/I4m6da/CVE/issues/2#issue-3884919985

reference_id

2#issue-3884919985

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/

url

https://github.com/I4m6da/CVE/issues/2#issue-3884919985

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::
reference_id	cpe:2.3:a:funadmin:funadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2895

reference_id

CVE-2026-2895

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2895

reference_url

https://github.com/advisories/GHSA-fmr2-m7gc-577w

reference_id

GHSA-fmr2-m7gc-577w

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fmr2-m7gc-577w

fixed_packages

aliases

CVE-2026-2895, GHSA-fmr2-m7gc-577w

risk_score

1.6

exploitability

0.5

weighted_severity

3.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-bhzu-quhs-c3dh

url VCID-bu27-6n4r-j7bf

vulnerability_id VCID-bu27-6n4r-j7bf

summary

Funadmin Cross-site Scripting vulnerability
An issue was found in funadmin 5.0.2. The selectfiles method in `\backend\controller\sys\Attachh.php` directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48228

reference_id

reference_type

scores

value	0.00168
scoring_system	epss
scoring_elements	0.37791
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48228

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/31

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:02:03Z/

url

https://github.com/funadmin/funadmin/issues/31

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48228

reference_id

CVE-2024-48228

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48228

reference_url	https://github.com/advisories/GHSA-j9wp-x5q5-xh2f
reference_id	GHSA-j9wp-x5q5-xh2f
reference_type
scores
url	https://github.com/advisories/GHSA-j9wp-x5q5-xh2f

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-h19b-rapd-zyda

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48228, GHSA-j9wp-x5q5-xh2f

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bu27-6n4r-j7bf

url VCID-fewy-6yp9-8ue1

vulnerability_id VCID-fewy-6yp9-8ue1

summary

SQL injection in funadmin
funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48229

reference_id

reference_type

scores

value	0.00133
scoring_system	epss
scoring_elements	0.32501
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48229

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/28

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:08:28Z/

url

https://github.com/funadmin/funadmin/issues/28

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48229

reference_id

CVE-2024-48229

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48229

reference_url	https://github.com/advisories/GHSA-h345-r48x-g68f
reference_id	GHSA-h345-r48x-g68f
reference_type
scores
url	https://github.com/advisories/GHSA-h345-r48x-g68f

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-h19b-rapd-zyda

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48229, GHSA-h345-r48x-g68f

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fewy-6yp9-8ue1

url VCID-fqy9-sahj-abd7

vulnerability_id VCID-fqy9-sahj-abd7

summary

SQL injection in funadmin
Funadmin v5.0.2 has a SQL injection vulnerability in `/curd/table/edit`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48222

reference_id

reference_type

scores

value	0.00188
scoring_system	epss
scoring_elements	0.40516
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48222

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/22

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:45:28Z/

url

https://github.com/funadmin/funadmin/issues/22

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48222

reference_id

CVE-2024-48222

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48222

reference_url	https://github.com/advisories/GHSA-5g66-93qv-565j
reference_id	GHSA-5g66-93qv-565j
reference_type
scores
url	https://github.com/advisories/GHSA-5g66-93qv-565j

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-h19b-rapd-zyda

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48222, GHSA-5g66-93qv-565j

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqy9-sahj-abd7

url

VCID-h19b-rapd-zyda

vulnerability_id

VCID-h19b-rapd-zyda

summary

funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloud_account results in deserialization. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2898

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.11235
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2898

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/I4m6da/CVE/issues/5

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/

url

https://github.com/I4m6da/CVE/issues/5

reference_url

https://github.com/I4m6da/CVE/issues/5#issue-3890444166

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/

url

https://github.com/I4m6da/CVE/issues/5#issue-3890444166

reference_url

https://vuldb.com/?ctiid.347209

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/

url

https://vuldb.com/?ctiid.347209

reference_url

https://vuldb.com/?id.347209

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/

url

https://vuldb.com/?id.347209

reference_url

https://vuldb.com/?submit.753976

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/

url

https://vuldb.com/?submit.753976

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::
reference_id	cpe:2.3:a:funadmin:funadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2898

reference_id

CVE-2026-2898

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2898

reference_url

https://github.com/advisories/GHSA-gcxp-xg77-798j

reference_id

GHSA-gcxp-xg77-798j

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gcxp-xg77-798j

fixed_packages

aliases

CVE-2026-2898, GHSA-gcxp-xg77-798j

risk_score

2.5

exploitability

0.5

weighted_severity

5.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-h19b-rapd-zyda

url VCID-jvdn-x41a-quh3

vulnerability_id VCID-jvdn-x41a-quh3

summary

SQL injection in funadmin
Funadmin 5.0.2 is vulnerable to SQL Injection in `curd/table/savefield`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48226

reference_id

reference_type

scores

value	0.00133
scoring_system	epss
scoring_elements	0.32501
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48226

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/26

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:16:04Z/

url

https://github.com/funadmin/funadmin/issues/26

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48226

reference_id

CVE-2024-48226

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48226

reference_url	https://github.com/advisories/GHSA-9gw3-qr2f-3vg5
reference_id	GHSA-9gw3-qr2f-3vg5
reference_type
scores
url	https://github.com/advisories/GHSA-9gw3-qr2f-3vg5

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-h19b-rapd-zyda

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48226, GHSA-9gw3-qr2f-3vg5

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvdn-x41a-quh3

url VCID-mczj-gm74-ubdn

vulnerability_id VCID-mczj-gm74-ubdn

summary

Funadmin vulnerable to SQL injection
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24774

reference_id

reference_type

scores

value	0.01272
scoring_system	epss
scoring_elements	0.79862
published_at	2026-06-04T12:55:00Z

value	0.01272
scoring_system	epss
scoring_elements	0.79887
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24774

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/12

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-28T15:23:33Z/

url

https://github.com/funadmin/funadmin/issues/12

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24774

reference_id

CVE-2023-24774

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24774

reference_url	https://github.com/advisories/GHSA-jx2x-fg9p-7gc7
reference_id	GHSA-jx2x-fg9p-7gc7
reference_type
scores
url	https://github.com/advisories/GHSA-jx2x-fg9p-7gc7

fixed_packages

url pkg:composer/funadmin/funadmin@3.2.1

purl pkg:composer/funadmin/funadmin@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-35ct-q1yb-pybd

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-bu27-6n4r-j7bf

vulnerability	VCID-fewy-6yp9-8ue1

vulnerability	VCID-fqy9-sahj-abd7

vulnerability	VCID-h19b-rapd-zyda

vulnerability	VCID-jvdn-x41a-quh3

vulnerability	VCID-sgfb-bshy-x3dz

vulnerability	VCID-sr6g-h6c6-yudy

vulnerability	VCID-t11u-bkvq-6fh4

vulnerability	VCID-tcz1-xmbs-3bhd

vulnerability	VCID-y5b7-e9fx-1ubm

vulnerability	VCID-zuqp-dewf-pfew

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1

aliases CVE-2023-24774, GHSA-jx2x-fg9p-7gc7

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mczj-gm74-ubdn

url VCID-qf1y-1mk4-7ugv

vulnerability_id VCID-qf1y-1mk4-7ugv

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24781

reference_id

reference_type

scores

value	0.00271
scoring_system	epss
scoring_elements	0.50703
published_at	2026-06-04T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50764
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24781

reference_url

https://github.com/funadmin/funadmin/issues/8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T17:42:51Z/

url

https://github.com/funadmin/funadmin/issues/8

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24781

reference_id

CVE-2023-24781

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24781

reference_url	https://github.com/advisories/GHSA-vhrv-9f9g-rfrx
reference_id	GHSA-vhrv-9f9g-rfrx
reference_type
scores
url	https://github.com/advisories/GHSA-vhrv-9f9g-rfrx

fixed_packages

url pkg:composer/funadmin/funadmin@3.2.1

purl pkg:composer/funadmin/funadmin@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-35ct-q1yb-pybd

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-bu27-6n4r-j7bf

vulnerability	VCID-fewy-6yp9-8ue1

vulnerability	VCID-fqy9-sahj-abd7

vulnerability	VCID-h19b-rapd-zyda

vulnerability	VCID-jvdn-x41a-quh3

vulnerability	VCID-sgfb-bshy-x3dz

vulnerability	VCID-sr6g-h6c6-yudy

vulnerability	VCID-t11u-bkvq-6fh4

vulnerability	VCID-tcz1-xmbs-3bhd

vulnerability	VCID-y5b7-e9fx-1ubm

vulnerability	VCID-zuqp-dewf-pfew

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1

aliases CVE-2023-24781, GHSA-vhrv-9f9g-rfrx

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qf1y-1mk4-7ugv

url VCID-sgfb-bshy-x3dz

vulnerability_id VCID-sgfb-bshy-x3dz

summary

SQL injection in funadmin
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of `\backend\controller\auth\Auth.php`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48230

reference_id

reference_type

scores

value	0.00175
scoring_system	epss
scoring_elements	0.38786
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48230

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/30

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:06:47Z/

url

https://github.com/funadmin/funadmin/issues/30

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48230

reference_id

CVE-2024-48230

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48230

reference_url	https://github.com/advisories/GHSA-2mv8-jjm5-f3hr
reference_id	GHSA-2mv8-jjm5-f3hr
reference_type
scores
url	https://github.com/advisories/GHSA-2mv8-jjm5-f3hr

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-h19b-rapd-zyda

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48230, GHSA-2mv8-jjm5-f3hr

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sgfb-bshy-x3dz

url VCID-sr6g-h6c6-yudy

vulnerability_id VCID-sr6g-h6c6-yudy

summary

SQL injection in funadmin
Funadmin v5.0.2 has an arbitrary file read vulnerability in `/curd/index/editfile`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48224

reference_id

reference_type

scores

value	0.00184
scoring_system	epss
scoring_elements	0.39957
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48224

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/24

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T17:52:45Z/

url

https://github.com/funadmin/funadmin/issues/24

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48224

reference_id

CVE-2024-48224

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48224

reference_url	https://github.com/advisories/GHSA-6j8f-88mh-r9vq
reference_id	GHSA-6j8f-88mh-r9vq
reference_type
scores
url	https://github.com/advisories/GHSA-6j8f-88mh-r9vq

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-h19b-rapd-zyda

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48224, GHSA-6j8f-88mh-r9vq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sr6g-h6c6-yudy

url VCID-t11u-bkvq-6fh4

vulnerability_id VCID-t11u-bkvq-6fh4

summary

Logic flaw in Funadmin
Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48227

reference_id

reference_type

scores

value	0.00088
scoring_system	epss
scoring_elements	0.25265
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48227

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/27

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:11:11Z/

url

https://github.com/funadmin/funadmin/issues/27

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48227

reference_id

CVE-2024-48227

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48227

reference_url	https://github.com/advisories/GHSA-r9v5-q97m-rj5g
reference_id	GHSA-r9v5-q97m-rj5g
reference_type
scores
url	https://github.com/advisories/GHSA-r9v5-q97m-rj5g

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-h19b-rapd-zyda

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48227, GHSA-r9v5-q97m-rj5g

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t11u-bkvq-6fh4

url VCID-tcz1-xmbs-3bhd

vulnerability_id VCID-tcz1-xmbs-3bhd

summary

SQL injection in funadmin
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \app\backend\controller\auth\Auth.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48231

reference_id

reference_type

scores

value	0.00143
scoring_system	epss
scoring_elements	0.34293
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48231

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/29

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-21T18:39:17Z/

url

https://github.com/funadmin/funadmin/issues/29

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48231

reference_id

CVE-2024-48231

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48231

reference_url	https://github.com/advisories/GHSA-7pp4-388x-2xqj
reference_id	GHSA-7pp4-388x-2xqj
reference_type
scores
url	https://github.com/advisories/GHSA-7pp4-388x-2xqj

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-h19b-rapd-zyda

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48231, GHSA-7pp4-388x-2xqj

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcz1-xmbs-3bhd

url VCID-ttgh-zgrs-z7ac

vulnerability_id VCID-ttgh-zgrs-z7ac

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24777

reference_id

reference_type

scores

value	0.00247
scoring_system	epss
scoring_elements	0.48212
published_at	2026-06-04T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.48275
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24777

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/5

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T18:43:26Z/

url

https://github.com/funadmin/funadmin/issues/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24777

reference_id

CVE-2023-24777

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24777

reference_url	https://github.com/advisories/GHSA-pvp6-53r9-8vxh
reference_id	GHSA-pvp6-53r9-8vxh
reference_type
scores
url	https://github.com/advisories/GHSA-pvp6-53r9-8vxh

fixed_packages

url pkg:composer/funadmin/funadmin@3.2.1

purl pkg:composer/funadmin/funadmin@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-35ct-q1yb-pybd

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-bu27-6n4r-j7bf

vulnerability	VCID-fewy-6yp9-8ue1

vulnerability	VCID-fqy9-sahj-abd7

vulnerability	VCID-h19b-rapd-zyda

vulnerability	VCID-jvdn-x41a-quh3

vulnerability	VCID-sgfb-bshy-x3dz

vulnerability	VCID-sr6g-h6c6-yudy

vulnerability	VCID-t11u-bkvq-6fh4

vulnerability	VCID-tcz1-xmbs-3bhd

vulnerability	VCID-y5b7-e9fx-1ubm

vulnerability	VCID-zuqp-dewf-pfew

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1

aliases CVE-2023-24777, GHSA-pvp6-53r9-8vxh

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttgh-zgrs-z7ac

url VCID-v9gy-vmmn-bkd7

vulnerability_id VCID-v9gy-vmmn-bkd7

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24782

reference_id

reference_type

scores

value	0.00271
scoring_system	epss
scoring_elements	0.50703
published_at	2026-06-04T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50764
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24782

reference_url

https://github.com/funadmin/funadmin/issues/3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T18:36:40Z/

url

https://github.com/funadmin/funadmin/issues/3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24782

reference_id

CVE-2023-24782

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24782

reference_url	https://github.com/advisories/GHSA-qhq8-2f3m-gxvp
reference_id	GHSA-qhq8-2f3m-gxvp
reference_type
scores
url	https://github.com/advisories/GHSA-qhq8-2f3m-gxvp

fixed_packages

url pkg:composer/funadmin/funadmin@3.2.1

purl pkg:composer/funadmin/funadmin@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-35ct-q1yb-pybd

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-bu27-6n4r-j7bf

vulnerability	VCID-fewy-6yp9-8ue1

vulnerability	VCID-fqy9-sahj-abd7

vulnerability	VCID-h19b-rapd-zyda

vulnerability	VCID-jvdn-x41a-quh3

vulnerability	VCID-sgfb-bshy-x3dz

vulnerability	VCID-sr6g-h6c6-yudy

vulnerability	VCID-t11u-bkvq-6fh4

vulnerability	VCID-tcz1-xmbs-3bhd

vulnerability	VCID-y5b7-e9fx-1ubm

vulnerability	VCID-zuqp-dewf-pfew

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1

aliases CVE-2023-24782, GHSA-qhq8-2f3m-gxvp

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v9gy-vmmn-bkd7

url VCID-y5b7-e9fx-1ubm

vulnerability_id VCID-y5b7-e9fx-1ubm

summary

SQL injection in funadmin
Funadmin v5.0.2 has a SQL injection vulnerability in `/curd/table/list`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48218

reference_id

reference_type

scores

value	0.00188
scoring_system	epss
scoring_elements	0.40516
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48218

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/21

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:44:11Z/

url

https://github.com/funadmin/funadmin/issues/21

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48218

reference_id

CVE-2024-48218

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48218

reference_url	https://github.com/advisories/GHSA-h4px-9vmp-p7pv
reference_id	GHSA-h4px-9vmp-p7pv
reference_type
scores
url	https://github.com/advisories/GHSA-h4px-9vmp-p7pv

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-h19b-rapd-zyda

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48218, GHSA-h4px-9vmp-p7pv

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y5b7-e9fx-1ubm

url VCID-zuqp-dewf-pfew

vulnerability_id VCID-zuqp-dewf-pfew

summary

SQL injection in funadmin
Funadmin v5.0.2 has an arbitrary file deletion vulnerability in `/curd/index/delfile`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48225

reference_id

reference_type

scores

value	0.00132
scoring_system	epss
scoring_elements	0.32348
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48225

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	7.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/25

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	7.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:18:25Z/

url

https://github.com/funadmin/funadmin/issues/25

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48225

reference_id

CVE-2024-48225

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	7.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48225

reference_url	https://github.com/advisories/GHSA-vw6x-c5rg-jmjp
reference_id	GHSA-vw6x-c5rg-jmjp
reference_type
scores
url	https://github.com/advisories/GHSA-vw6x-c5rg-jmjp

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-h19b-rapd-zyda

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48225, GHSA-vw6x-c5rg-jmjp

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zuqp-dewf-pfew

url VCID-zzdd-fpz6-efgy

vulnerability_id VCID-zzdd-fpz6-efgy

summary

SQL Injection in Funadmin
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24775

reference_id

reference_type

scores

value	0.11485
scoring_system	epss
scoring_elements	0.93747
published_at	2026-06-04T12:55:00Z

value	0.11485
scoring_system	epss
scoring_elements	0.93757
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24775

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/funadmin/funadmin/issues/9

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T14:53:19Z/

url

https://github.com/funadmin/funadmin/issues/9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24775

reference_id

CVE-2023-24775

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24775

reference_url	https://github.com/advisories/GHSA-v43v-pv95-jc55
reference_id	GHSA-v43v-pv95-jc55
reference_type
scores
url	https://github.com/advisories/GHSA-v43v-pv95-jc55

fixed_packages

url pkg:composer/funadmin/funadmin@3.2.1

purl pkg:composer/funadmin/funadmin@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14y6-675h-rfex

vulnerability	VCID-35ct-q1yb-pybd

vulnerability	VCID-4fg7-a2ep-hbaf

vulnerability	VCID-6ex5-r7ck-nkgu

vulnerability	VCID-b9k4-kuhe-sug9

vulnerability	VCID-bhzu-quhs-c3dh

vulnerability	VCID-bu27-6n4r-j7bf

vulnerability	VCID-fewy-6yp9-8ue1

vulnerability	VCID-fqy9-sahj-abd7

vulnerability	VCID-h19b-rapd-zyda

vulnerability	VCID-jvdn-x41a-quh3

vulnerability	VCID-sgfb-bshy-x3dz

vulnerability	VCID-sr6g-h6c6-yudy

vulnerability	VCID-t11u-bkvq-6fh4

vulnerability	VCID-tcz1-xmbs-3bhd

vulnerability	VCID-y5b7-e9fx-1ubm

vulnerability	VCID-zuqp-dewf-pfew

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1

aliases CVE-2023-24775, GHSA-v43v-pv95-jc55

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zzdd-fpz6-efgy

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.0

Package Instance