Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/funadmin/funadmin@5.0.2

Type composer

Namespace funadmin

Name funadmin

Version 5.0.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-24ek-5vzy-2fg3

vulnerability_id

VCID-24ek-5vzy-2fg3

summary

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 59. To fix this issue, it is recommended to deploy a patch.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-7733

reference_id

reference_type

scores

value	0.00065
scoring_system	epss
scoring_elements	0.20476
published_at	2026-06-12T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20299
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-7733

reference_url

https://gitee.com/funadmin/funadmin

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gitee.com/funadmin/funadmin

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-7733

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-7733

reference_url

https://vuldb.com/vuln/360908

reference_id

360908

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/

url

https://vuldb.com/vuln/360908

reference_url

https://gitee.com/funadmin/funadmin/pulls/59

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/

url

https://gitee.com/funadmin/funadmin/pulls/59

reference_url

https://vuldb.com/submit/807559

reference_id

807559

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/

url

https://vuldb.com/submit/807559

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::
reference_id	cpe:2.3:a:funadmin:funadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::

reference_url

https://vuldb.com/vuln/360908/cti

reference_id

cti

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/

url

https://vuldb.com/vuln/360908/cti

reference_url

https://gitee.com/funadmin/funadmin/

reference_id

funadmin

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/

url

https://gitee.com/funadmin/funadmin/

reference_url

https://github.com/advisories/GHSA-qhh7-263p-54r3

reference_id

GHSA-qhh7-263p-54r3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qhh7-263p-54r3

reference_url

https://gitee.com/funadmin/funadmin/issues/IJ8NXT

reference_id

IJ8NXT

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/

url

https://gitee.com/funadmin/funadmin/issues/IJ8NXT

fixed_packages

aliases

CVE-2026-7733, GHSA-qhh7-263p-54r3

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-24ek-5vzy-2fg3

url VCID-2c21-4zuk-z3hf

vulnerability_id VCID-2c21-4zuk-z3hf

summary funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48229

reference_id

reference_type

scores

value	0.00133
scoring_system	epss
scoring_elements	0.32643
published_at	2026-06-12T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32462
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48229

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48229

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48229

reference_url

https://github.com/funadmin/funadmin/issues/28

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:08:28Z/

url

https://github.com/funadmin/funadmin/issues/28

reference_url	https://github.com/advisories/GHSA-h345-r48x-g68f
reference_id	GHSA-h345-r48x-g68f
reference_type
scores
url	https://github.com/advisories/GHSA-h345-r48x-g68f

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-24ek-5vzy-2fg3

vulnerability	VCID-86eu-w8s6-sqdp

vulnerability	VCID-k5w7-y4as-m3d7

vulnerability	VCID-paun-khn9-w7gw

vulnerability	VCID-tnra-1j33-n7ht

vulnerability	VCID-vtr7-bnqr-uuf4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48229, GHSA-h345-r48x-g68f

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c21-4zuk-z3hf

url VCID-2fjq-u8cu-5qf4

vulnerability_id VCID-2fjq-u8cu-5qf4

summary Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48226

reference_id

reference_type

scores

value	0.00133
scoring_system	epss
scoring_elements	0.32643
published_at	2026-06-12T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32462
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48226

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48226

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48226

reference_url

https://github.com/funadmin/funadmin/issues/26

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:16:04Z/

url

https://github.com/funadmin/funadmin/issues/26

reference_url	https://github.com/advisories/GHSA-9gw3-qr2f-3vg5
reference_id	GHSA-9gw3-qr2f-3vg5
reference_type
scores
url	https://github.com/advisories/GHSA-9gw3-qr2f-3vg5

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-24ek-5vzy-2fg3

vulnerability	VCID-86eu-w8s6-sqdp

vulnerability	VCID-k5w7-y4as-m3d7

vulnerability	VCID-paun-khn9-w7gw

vulnerability	VCID-tnra-1j33-n7ht

vulnerability	VCID-vtr7-bnqr-uuf4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48226, GHSA-9gw3-qr2f-3vg5

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fjq-u8cu-5qf4

url

VCID-86eu-w8s6-sqdp

vulnerability_id

VCID-86eu-w8s6-sqdp

summary

A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2897

reference_id

reference_type

scores

value	0.00041
scoring_system	epss
scoring_elements	0.13031
published_at	2026-06-12T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12936
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2897

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/I4m6da/CVE/issues/4

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/

url

https://github.com/I4m6da/CVE/issues/4

reference_url

https://github.com/I4m6da/CVE/issues/4#issue-3890421022

reference_id

4#issue-3890421022

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/

url

https://github.com/I4m6da/CVE/issues/4#issue-3890421022

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::
reference_id	cpe:2.3:a:funadmin:funadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::

reference_url

https://vuldb.com/?ctiid.347208

reference_id

?ctiid.347208

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/

url

https://vuldb.com/?ctiid.347208

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2897

reference_id

CVE-2026-2897

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2897

reference_url

https://github.com/advisories/GHSA-rfh7-7v27-6p9r

reference_id

GHSA-rfh7-7v27-6p9r

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rfh7-7v27-6p9r

reference_url

https://vuldb.com/?id.347208

reference_id

?id.347208

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/

url

https://vuldb.com/?id.347208

reference_url

https://vuldb.com/?submit.753975

reference_id

?submit.753975

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/

url

https://vuldb.com/?submit.753975

fixed_packages

aliases

CVE-2026-2897, GHSA-rfh7-7v27-6p9r

risk_score

2.1

exploitability

0.5

weighted_severity

4.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-86eu-w8s6-sqdp

url VCID-eacs-8tcp-1ues

vulnerability_id VCID-eacs-8tcp-1ues

summary Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48227

reference_id

reference_type

scores

value	0.00088
scoring_system	epss
scoring_elements	0.25388
published_at	2026-06-12T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25191
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48227

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48227

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48227

reference_url

https://github.com/funadmin/funadmin/issues/27

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:11:11Z/

url

https://github.com/funadmin/funadmin/issues/27

reference_url	https://github.com/advisories/GHSA-r9v5-q97m-rj5g
reference_id	GHSA-r9v5-q97m-rj5g
reference_type
scores
url	https://github.com/advisories/GHSA-r9v5-q97m-rj5g

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-24ek-5vzy-2fg3

vulnerability	VCID-86eu-w8s6-sqdp

vulnerability	VCID-k5w7-y4as-m3d7

vulnerability	VCID-paun-khn9-w7gw

vulnerability	VCID-tnra-1j33-n7ht

vulnerability	VCID-vtr7-bnqr-uuf4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48227, GHSA-r9v5-q97m-rj5g

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eacs-8tcp-1ues

url VCID-hs3v-jb33-mygx

vulnerability_id VCID-hs3v-jb33-mygx

summary Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48224

reference_id

reference_type

scores

value	0.00184
scoring_system	epss
scoring_elements	0.4014
published_at	2026-06-12T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.39971
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48224

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48224

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48224

reference_url

https://github.com/funadmin/funadmin/issues/24

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T17:52:45Z/

url

https://github.com/funadmin/funadmin/issues/24

reference_url	https://github.com/advisories/GHSA-6j8f-88mh-r9vq
reference_id	GHSA-6j8f-88mh-r9vq
reference_type
scores
url	https://github.com/advisories/GHSA-6j8f-88mh-r9vq

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-24ek-5vzy-2fg3

vulnerability	VCID-86eu-w8s6-sqdp

vulnerability	VCID-k5w7-y4as-m3d7

vulnerability	VCID-paun-khn9-w7gw

vulnerability	VCID-tnra-1j33-n7ht

vulnerability	VCID-vtr7-bnqr-uuf4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48224, GHSA-6j8f-88mh-r9vq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hs3v-jb33-mygx

url VCID-jhhv-rwws-jbbz

vulnerability_id VCID-jhhv-rwws-jbbz

summary Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48223

reference_id

reference_type

scores

value	0.00188
scoring_system	epss
scoring_elements	0.40696
published_at	2026-06-12T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40529
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48223

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48223

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48223

reference_url

https://github.com/funadmin/funadmin/issues/23

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:46:40Z/

url

https://github.com/funadmin/funadmin/issues/23

reference_url	https://github.com/advisories/GHSA-x2fr-vj74-5h35
reference_id	GHSA-x2fr-vj74-5h35
reference_type
scores
url	https://github.com/advisories/GHSA-x2fr-vj74-5h35

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-24ek-5vzy-2fg3

vulnerability	VCID-86eu-w8s6-sqdp

vulnerability	VCID-k5w7-y4as-m3d7

vulnerability	VCID-paun-khn9-w7gw

vulnerability	VCID-tnra-1j33-n7ht

vulnerability	VCID-vtr7-bnqr-uuf4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48223, GHSA-x2fr-vj74-5h35

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jhhv-rwws-jbbz

url VCID-jrrq-33ju-rfa9

vulnerability_id VCID-jrrq-33ju-rfa9

summary Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48225

reference_id

reference_type

scores

value	0.00132
scoring_system	epss
scoring_elements	0.32497
published_at	2026-06-12T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32314
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48225

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	7.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48225

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	7.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48225

reference_url

https://github.com/funadmin/funadmin/issues/25

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	7.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:18:25Z/

url

https://github.com/funadmin/funadmin/issues/25

reference_url	https://github.com/advisories/GHSA-vw6x-c5rg-jmjp
reference_id	GHSA-vw6x-c5rg-jmjp
reference_type
scores
url	https://github.com/advisories/GHSA-vw6x-c5rg-jmjp

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-24ek-5vzy-2fg3

vulnerability	VCID-86eu-w8s6-sqdp

vulnerability	VCID-k5w7-y4as-m3d7

vulnerability	VCID-paun-khn9-w7gw

vulnerability	VCID-tnra-1j33-n7ht

vulnerability	VCID-vtr7-bnqr-uuf4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48225, GHSA-vw6x-c5rg-jmjp

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jrrq-33ju-rfa9

url

VCID-k5w7-y4as-m3d7

vulnerability_id

VCID-k5w7-y4as-m3d7

summary

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2896

reference_id

reference_type

scores

value	0.00046
scoring_system	epss
scoring_elements	0.14608
published_at	2026-06-12T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14489
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2896

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/I4m6da/CVE/issues/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/

url

https://github.com/I4m6da/CVE/issues/3

reference_url

https://github.com/I4m6da/CVE/issues/3#issue-3884949083

reference_id

3#issue-3884949083

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/

url

https://github.com/I4m6da/CVE/issues/3#issue-3884949083

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::
reference_id	cpe:2.3:a:funadmin:funadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::

reference_url

https://vuldb.com/?ctiid.347207

reference_id

?ctiid.347207

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/

url

https://vuldb.com/?ctiid.347207

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2896

reference_id

CVE-2026-2896

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2896

reference_url

https://github.com/advisories/GHSA-5m2g-4cf6-c3rg

reference_id

GHSA-5m2g-4cf6-c3rg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5m2g-4cf6-c3rg

reference_url

https://vuldb.com/?id.347207

reference_id

?id.347207

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/

url

https://vuldb.com/?id.347207

reference_url

https://vuldb.com/?submit.753972

reference_id

?submit.753972

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/

url

https://vuldb.com/?submit.753972

fixed_packages

aliases

CVE-2026-2896, GHSA-5m2g-4cf6-c3rg

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-k5w7-y4as-m3d7

url VCID-khmn-nf24-ffdx

vulnerability_id VCID-khmn-nf24-ffdx

summary Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48222

reference_id

reference_type

scores

value	0.00188
scoring_system	epss
scoring_elements	0.40696
published_at	2026-06-12T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40529
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48222

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48222

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48222

reference_url

https://github.com/funadmin/funadmin/issues/22

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:45:28Z/

url

https://github.com/funadmin/funadmin/issues/22

reference_url	https://github.com/advisories/GHSA-5g66-93qv-565j
reference_id	GHSA-5g66-93qv-565j
reference_type
scores
url	https://github.com/advisories/GHSA-5g66-93qv-565j

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-24ek-5vzy-2fg3

vulnerability	VCID-86eu-w8s6-sqdp

vulnerability	VCID-k5w7-y4as-m3d7

vulnerability	VCID-paun-khn9-w7gw

vulnerability	VCID-tnra-1j33-n7ht

vulnerability	VCID-vtr7-bnqr-uuf4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48222, GHSA-5g66-93qv-565j

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khmn-nf24-ffdx

url VCID-mcxx-jcvc-qqfn

vulnerability_id VCID-mcxx-jcvc-qqfn

summary Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48231

reference_id

reference_type

scores

value	0.00143
scoring_system	epss
scoring_elements	0.34468
published_at	2026-06-12T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.3429
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48231

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48231

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48231

reference_url

https://github.com/funadmin/funadmin/issues/29

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-21T18:39:17Z/

url

https://github.com/funadmin/funadmin/issues/29

reference_url	https://github.com/advisories/GHSA-7pp4-388x-2xqj
reference_id	GHSA-7pp4-388x-2xqj
reference_type
scores
url	https://github.com/advisories/GHSA-7pp4-388x-2xqj

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-24ek-5vzy-2fg3

vulnerability	VCID-86eu-w8s6-sqdp

vulnerability	VCID-k5w7-y4as-m3d7

vulnerability	VCID-paun-khn9-w7gw

vulnerability	VCID-tnra-1j33-n7ht

vulnerability	VCID-vtr7-bnqr-uuf4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48231, GHSA-7pp4-388x-2xqj

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mcxx-jcvc-qqfn

url

VCID-paun-khn9-w7gw

vulnerability_id

VCID-paun-khn9-w7gw

summary

A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloud_account results in deserialization. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2898

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.11277
published_at	2026-06-12T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1121
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2898

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/I4m6da/CVE/issues/5

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/

url

https://github.com/I4m6da/CVE/issues/5

reference_url

https://github.com/I4m6da/CVE/issues/5#issue-3890444166

reference_id

5#issue-3890444166

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/

url

https://github.com/I4m6da/CVE/issues/5#issue-3890444166

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::
reference_id	cpe:2.3:a:funadmin:funadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::

reference_url

https://vuldb.com/?ctiid.347209

reference_id

?ctiid.347209

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/

url

https://vuldb.com/?ctiid.347209

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2898

reference_id

CVE-2026-2898

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2898

reference_url

https://github.com/advisories/GHSA-gcxp-xg77-798j

reference_id

GHSA-gcxp-xg77-798j

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gcxp-xg77-798j

reference_url

https://vuldb.com/?id.347209

reference_id

?id.347209

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/

url

https://vuldb.com/?id.347209

reference_url

https://vuldb.com/?submit.753976

reference_id

?submit.753976

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/

url

https://vuldb.com/?submit.753976

fixed_packages

aliases

CVE-2026-2898, GHSA-gcxp-xg77-798j

risk_score

3.0

exploitability

0.5

weighted_severity

5.9

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-paun-khn9-w7gw

url

VCID-tnra-1j33-n7ht

vulnerability_id

VCID-tnra-1j33-n7ht

summary

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2895

reference_id

reference_type

scores

value	0.00128
scoring_system	epss
scoring_elements	0.3192
published_at	2026-06-12T12:55:00Z

value	0.00128
scoring_system	epss
scoring_elements	0.31731
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2895

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/I4m6da/CVE/issues/2

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/

url

https://github.com/I4m6da/CVE/issues/2

reference_url

https://github.com/I4m6da/CVE/issues/2#issue-3884919985

reference_id

2#issue-3884919985

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/

url

https://github.com/I4m6da/CVE/issues/2#issue-3884919985

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::
reference_id	cpe:2.3:a:funadmin:funadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::

reference_url

https://vuldb.com/?ctiid.347206

reference_id

?ctiid.347206

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/

url

https://vuldb.com/?ctiid.347206

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2895

reference_id

CVE-2026-2895

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2895

reference_url

https://github.com/advisories/GHSA-fmr2-m7gc-577w

reference_id

GHSA-fmr2-m7gc-577w

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fmr2-m7gc-577w

reference_url

https://vuldb.com/?id.347206

reference_id

?id.347206

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/

url

https://vuldb.com/?id.347206

reference_url

https://vuldb.com/?submit.753971

reference_id

?submit.753971

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/

url

https://vuldb.com/?submit.753971

fixed_packages

aliases

CVE-2026-2895, GHSA-fmr2-m7gc-577w

risk_score

2.9

exploitability

0.5

weighted_severity

5.7

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-tnra-1j33-n7ht

url VCID-v68x-ae2m-vfez

vulnerability_id VCID-v68x-ae2m-vfez

summary An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48228

reference_id

reference_type

scores

value	0.00168
scoring_system	epss
scoring_elements	0.37963
published_at	2026-06-12T12:55:00Z

value	0.00168
scoring_system	epss
scoring_elements	0.37786
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48228

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48228

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48228

reference_url

https://github.com/funadmin/funadmin/issues/31

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:02:03Z/

url

https://github.com/funadmin/funadmin/issues/31

reference_url	https://github.com/advisories/GHSA-j9wp-x5q5-xh2f
reference_id	GHSA-j9wp-x5q5-xh2f
reference_type
scores
url	https://github.com/advisories/GHSA-j9wp-x5q5-xh2f

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-24ek-5vzy-2fg3

vulnerability	VCID-86eu-w8s6-sqdp

vulnerability	VCID-k5w7-y4as-m3d7

vulnerability	VCID-paun-khn9-w7gw

vulnerability	VCID-tnra-1j33-n7ht

vulnerability	VCID-vtr7-bnqr-uuf4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48228, GHSA-j9wp-x5q5-xh2f

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v68x-ae2m-vfez

url

VCID-vtr7-bnqr-uuf4

vulnerability_id

VCID-vtr7-bnqr-uuf4

summary

A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2894

reference_id

reference_type

scores

value	0.00051
scoring_system	epss
scoring_elements	0.16399
published_at	2026-06-12T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.16257
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2894

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://github.com/I4m6da/CVE/issues/1

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/

url

https://github.com/I4m6da/CVE/issues/1

reference_url

https://github.com/I4m6da/CVE/issues/1#issue-3884896592

reference_id

1#issue-3884896592

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/

url

https://github.com/I4m6da/CVE/issues/1#issue-3884896592

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::
reference_id	cpe:2.3:a:funadmin:funadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin::::::::

reference_url

https://vuldb.com/?ctiid.347205

reference_id

?ctiid.347205

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/

url

https://vuldb.com/?ctiid.347205

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2894

reference_id

CVE-2026-2894

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2894

reference_url

https://github.com/advisories/GHSA-8hhx-xq9j-xwfj

reference_id

GHSA-8hhx-xq9j-xwfj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8hhx-xq9j-xwfj

reference_url

https://vuldb.com/?id.347205

reference_id

?id.347205

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/

url

https://vuldb.com/?id.347205

reference_url

https://vuldb.com/?submit.753969

reference_id

?submit.753969

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/

url

https://vuldb.com/?submit.753969

fixed_packages

aliases

CVE-2026-2894, GHSA-8hhx-xq9j-xwfj

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-vtr7-bnqr-uuf4

url VCID-w8pj-n7nq-vkgz

vulnerability_id VCID-w8pj-n7nq-vkgz

summary funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48230

reference_id

reference_type

scores

value	0.00175
scoring_system	epss
scoring_elements	0.38967
published_at	2026-06-12T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38795
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48230

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48230

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48230

reference_url

https://github.com/funadmin/funadmin/issues/30

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:06:47Z/

url

https://github.com/funadmin/funadmin/issues/30

reference_url	https://github.com/advisories/GHSA-2mv8-jjm5-f3hr
reference_id	GHSA-2mv8-jjm5-f3hr
reference_type
scores
url	https://github.com/advisories/GHSA-2mv8-jjm5-f3hr

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-24ek-5vzy-2fg3

vulnerability	VCID-86eu-w8s6-sqdp

vulnerability	VCID-k5w7-y4as-m3d7

vulnerability	VCID-paun-khn9-w7gw

vulnerability	VCID-tnra-1j33-n7ht

vulnerability	VCID-vtr7-bnqr-uuf4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48230, GHSA-2mv8-jjm5-f3hr

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8pj-n7nq-vkgz

url VCID-ysex-7khf-fqd2

vulnerability_id VCID-ysex-7khf-fqd2

summary Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48218

reference_id

reference_type

scores

value	0.00188
scoring_system	epss
scoring_elements	0.40696
published_at	2026-06-12T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40529
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48218

reference_url

https://github.com/funadmin/funadmin

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/funadmin/funadmin

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48218

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48218

reference_url

https://github.com/funadmin/funadmin/issues/21

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:44:11Z/

url

https://github.com/funadmin/funadmin/issues/21

reference_url	https://github.com/advisories/GHSA-h4px-9vmp-p7pv
reference_id	GHSA-h4px-9vmp-p7pv
reference_type
scores
url	https://github.com/advisories/GHSA-h4px-9vmp-p7pv

fixed_packages

url pkg:composer/funadmin/funadmin@5.0.3

purl pkg:composer/funadmin/funadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-24ek-5vzy-2fg3

vulnerability	VCID-86eu-w8s6-sqdp

vulnerability	VCID-k5w7-y4as-m3d7

vulnerability	VCID-paun-khn9-w7gw

vulnerability	VCID-tnra-1j33-n7ht

vulnerability	VCID-vtr7-bnqr-uuf4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3

aliases CVE-2024-48218, GHSA-h4px-9vmp-p7pv

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ysex-7khf-fqd2

Fixing_vulnerabilities

Risk_score 4.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.2

Package Instance