{"url":"http://public2.vulnerablecode.io/api/packages/642103?format=json","purl":"pkg:composer/funadmin/funadmin@2.6.5","type":"composer","namespace":"funadmin","name":"funadmin","version":"2.6.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50295?format=json","vulnerability_id":"VCID-14y6-675h-rfex","summary":"funadmin has Incorrect Privilege Assignment in its Configuration Handler\nA weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2896","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14372","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14453","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14488","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14491","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2896"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/I4m6da/CVE/issues/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/"}],"url":"https://github.com/I4m6da/CVE/issues/3"},{"reference_url":"https://vuldb.com/?ctiid.347207","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/"}],"url":"https://vuldb.com/?ctiid.347207"},{"reference_url":"https://vuldb.com/?id.347207","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/"}],"url":"https://vuldb.com/?id.347207"},{"reference_url":"https://vuldb.com/?submit.753972","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/"}],"url":"https://vuldb.com/?submit.753972"},{"reference_url":"https://github.com/I4m6da/CVE/issues/3#issue-3884949083","reference_id":"3#issue-3884949083","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:23:55Z/"}],"url":"https://github.com/I4m6da/CVE/issues/3#issue-3884949083"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2896","reference_id":"CVE-2026-2896","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2896"},{"reference_url":"https://github.com/advisories/GHSA-5m2g-4cf6-c3rg","reference_id":"GHSA-5m2g-4cf6-c3rg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5m2g-4cf6-c3rg"}],"fixed_packages":[],"aliases":["CVE-2026-2896","GHSA-5m2g-4cf6-c3rg"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14y6-675h-rfex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56078?format=json","vulnerability_id":"VCID-35ct-q1yb-pybd","summary":"SQL injection in funadmin\nFunadmin v5.0.2 has a SQL injection vulnerability in `/curd/table/fieldlist`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48223","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40516","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40461","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40491","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40518","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48223"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/23","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:46:40Z/"}],"url":"https://github.com/funadmin/funadmin/issues/23"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48223","reference_id":"CVE-2024-48223","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48223"},{"reference_url":"https://github.com/advisories/GHSA-x2fr-vj74-5h35","reference_id":"GHSA-x2fr-vj74-5h35","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x2fr-vj74-5h35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/775504?format=json","purl":"pkg:composer/funadmin/funadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-h19b-rapd-zyda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3"}],"aliases":["CVE-2024-48223","GHSA-x2fr-vj74-5h35"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35ct-q1yb-pybd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44629?format=json","vulnerability_id":"VCID-38zb-ggdz-nfcg","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24773","reference_id":"","reference_type":"","scores":[{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50426","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50407","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50468","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50476","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50456","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24773"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T18:46:07Z/"}],"url":"https://github.com/funadmin/funadmin/issues/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24773","reference_id":"CVE-2023-24773","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24773"},{"reference_url":"https://github.com/advisories/GHSA-m8wf-wmwh-jw2m","reference_id":"GHSA-m8wf-wmwh-jw2m","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m8wf-wmwh-jw2m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/642108?format=json","purl":"pkg:composer/funadmin/funadmin@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-35ct-q1yb-pybd"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-bu27-6n4r-j7bf"},{"vulnerability":"VCID-fewy-6yp9-8ue1"},{"vulnerability":"VCID-fqy9-sahj-abd7"},{"vulnerability":"VCID-h19b-rapd-zyda"},{"vulnerability":"VCID-jvdn-x41a-quh3"},{"vulnerability":"VCID-sgfb-bshy-x3dz"},{"vulnerability":"VCID-sr6g-h6c6-yudy"},{"vulnerability":"VCID-t11u-bkvq-6fh4"},{"vulnerability":"VCID-tcz1-xmbs-3bhd"},{"vulnerability":"VCID-y5b7-e9fx-1ubm"},{"vulnerability":"VCID-zuqp-dewf-pfew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1"}],"aliases":["CVE-2023-24773","GHSA-m8wf-wmwh-jw2m"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-38zb-ggdz-nfcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95627?format=json","vulnerability_id":"VCID-4fg7-a2ep-hbaf","summary":"Funadmin has an Improper Access Control Issue\nA flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 59. To fix this issue, it is recommended to deploy a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7733","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20319","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20214","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2028","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20328","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7733"},{"reference_url":"https://gitee.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitee.com/funadmin/funadmin"},{"reference_url":"https://gitee.com/funadmin/funadmin/issues/IJ8NXT","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/"}],"url":"https://gitee.com/funadmin/funadmin/issues/IJ8NXT"},{"reference_url":"https://gitee.com/funadmin/funadmin/pulls/59","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/"}],"url":"https://gitee.com/funadmin/funadmin/pulls/59"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7733","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7733"},{"reference_url":"https://vuldb.com/submit/807559","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/"}],"url":"https://vuldb.com/submit/807559"},{"reference_url":"https://vuldb.com/vuln/360908","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/"}],"url":"https://vuldb.com/vuln/360908"},{"reference_url":"https://vuldb.com/vuln/360908/cti","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/"}],"url":"https://vuldb.com/vuln/360908/cti"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*"},{"reference_url":"https://gitee.com/funadmin/funadmin/","reference_id":"funadmin","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T12:52:05Z/"}],"url":"https://gitee.com/funadmin/funadmin/"},{"reference_url":"https://github.com/advisories/GHSA-qhh7-263p-54r3","reference_id":"GHSA-qhh7-263p-54r3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qhh7-263p-54r3"}],"fixed_packages":[],"aliases":["CVE-2026-7733","GHSA-qhh7-263p-54r3"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4fg7-a2ep-hbaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44602?format=json","vulnerability_id":"VCID-5am8-jn6b-jkbw","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nFunadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \\controller\\Addon.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24776","reference_id":"","reference_type":"","scores":[{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85429","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.8542","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85444","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85449","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24776"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:24:45Z/"}],"url":"https://github.com/funadmin/funadmin/issues/7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24776","reference_id":"CVE-2023-24776","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24776"},{"reference_url":"https://github.com/advisories/GHSA-7g53-jj25-jhgr","reference_id":"GHSA-7g53-jj25-jhgr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7g53-jj25-jhgr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/642108?format=json","purl":"pkg:composer/funadmin/funadmin@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-35ct-q1yb-pybd"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-bu27-6n4r-j7bf"},{"vulnerability":"VCID-fewy-6yp9-8ue1"},{"vulnerability":"VCID-fqy9-sahj-abd7"},{"vulnerability":"VCID-h19b-rapd-zyda"},{"vulnerability":"VCID-jvdn-x41a-quh3"},{"vulnerability":"VCID-sgfb-bshy-x3dz"},{"vulnerability":"VCID-sr6g-h6c6-yudy"},{"vulnerability":"VCID-t11u-bkvq-6fh4"},{"vulnerability":"VCID-tcz1-xmbs-3bhd"},{"vulnerability":"VCID-y5b7-e9fx-1ubm"},{"vulnerability":"VCID-zuqp-dewf-pfew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1"}],"aliases":["CVE-2023-24776","GHSA-7g53-jj25-jhgr"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5am8-jn6b-jkbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50293?format=json","vulnerability_id":"VCID-6ex5-r7ck-nkgu","summary":"funadmin exposes sensitive information via getMember function\nA vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2894","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16286","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16151","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16234","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16276","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2894"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/I4m6da/CVE/issues/1","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/"}],"url":"https://github.com/I4m6da/CVE/issues/1"},{"reference_url":"https://vuldb.com/?ctiid.347205","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/"}],"url":"https://vuldb.com/?ctiid.347205"},{"reference_url":"https://vuldb.com/?id.347205","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/"}],"url":"https://vuldb.com/?id.347205"},{"reference_url":"https://vuldb.com/?submit.753969","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/"}],"url":"https://vuldb.com/?submit.753969"},{"reference_url":"https://github.com/I4m6da/CVE/issues/1#issue-3884896592","reference_id":"1#issue-3884896592","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:27:51Z/"}],"url":"https://github.com/I4m6da/CVE/issues/1#issue-3884896592"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2894","reference_id":"CVE-2026-2894","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2894"},{"reference_url":"https://github.com/advisories/GHSA-8hhx-xq9j-xwfj","reference_id":"GHSA-8hhx-xq9j-xwfj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8hhx-xq9j-xwfj"}],"fixed_packages":[],"aliases":["CVE-2026-2894","GHSA-8hhx-xq9j-xwfj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ex5-r7ck-nkgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44632?format=json","vulnerability_id":"VCID-7ewc-fnrn-9qbc","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24780","reference_id":"","reference_type":"","scores":[{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67417","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67388","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67369","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67405","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.6741","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24780"},{"reference_url":"https://github.com/funadmin/funadmin/issues/6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T17:41:37Z/"}],"url":"https://github.com/funadmin/funadmin/issues/6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24780","reference_id":"CVE-2023-24780","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24780"},{"reference_url":"https://github.com/advisories/GHSA-7pmh-8qjj-4q36","reference_id":"GHSA-7pmh-8qjj-4q36","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7pmh-8qjj-4q36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/642108?format=json","purl":"pkg:composer/funadmin/funadmin@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-35ct-q1yb-pybd"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-bu27-6n4r-j7bf"},{"vulnerability":"VCID-fewy-6yp9-8ue1"},{"vulnerability":"VCID-fqy9-sahj-abd7"},{"vulnerability":"VCID-h19b-rapd-zyda"},{"vulnerability":"VCID-jvdn-x41a-quh3"},{"vulnerability":"VCID-sgfb-bshy-x3dz"},{"vulnerability":"VCID-sr6g-h6c6-yudy"},{"vulnerability":"VCID-t11u-bkvq-6fh4"},{"vulnerability":"VCID-tcz1-xmbs-3bhd"},{"vulnerability":"VCID-y5b7-e9fx-1ubm"},{"vulnerability":"VCID-zuqp-dewf-pfew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1"}],"aliases":["CVE-2023-24780","GHSA-7pmh-8qjj-4q36"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ewc-fnrn-9qbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50296?format=json","vulnerability_id":"VCID-b9k4-kuhe-sug9","summary":"funadmin: XSS through Value argument in Backend Interface component\nA security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2897","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12944","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12822","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12908","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12947","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2897"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/I4m6da/CVE/issues/4","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/"}],"url":"https://github.com/I4m6da/CVE/issues/4"},{"reference_url":"https://github.com/I4m6da/CVE/issues/4#issue-3890421022","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/"}],"url":"https://github.com/I4m6da/CVE/issues/4#issue-3890421022"},{"reference_url":"https://vuldb.com/?ctiid.347208","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/"}],"url":"https://vuldb.com/?ctiid.347208"},{"reference_url":"https://vuldb.com/?id.347208","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/"}],"url":"https://vuldb.com/?id.347208"},{"reference_url":"https://vuldb.com/?submit.753975","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:19:26Z/"}],"url":"https://vuldb.com/?submit.753975"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2897","reference_id":"CVE-2026-2897","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2897"},{"reference_url":"https://github.com/advisories/GHSA-rfh7-7v27-6p9r","reference_id":"GHSA-rfh7-7v27-6p9r","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rfh7-7v27-6p9r"}],"fixed_packages":[],"aliases":["CVE-2026-2897","GHSA-rfh7-7v27-6p9r"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b9k4-kuhe-sug9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50294?format=json","vulnerability_id":"VCID-bhzu-quhs-c3dh","summary":"funadmin has Weak Password Recovery Mechanism for Forgotten Password\nA security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2895","reference_id":"","reference_type":"","scores":[{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31769","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31664","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31697","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31735","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2895"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/I4m6da/CVE/issues/2","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/"}],"url":"https://github.com/I4m6da/CVE/issues/2"},{"reference_url":"https://vuldb.com/?ctiid.347206","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/"}],"url":"https://vuldb.com/?ctiid.347206"},{"reference_url":"https://vuldb.com/?id.347206","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/"}],"url":"https://vuldb.com/?id.347206"},{"reference_url":"https://vuldb.com/?submit.753971","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/"}],"url":"https://vuldb.com/?submit.753971"},{"reference_url":"https://github.com/I4m6da/CVE/issues/2#issue-3884919985","reference_id":"2#issue-3884919985","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:26:56Z/"}],"url":"https://github.com/I4m6da/CVE/issues/2#issue-3884919985"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2895","reference_id":"CVE-2026-2895","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2895"},{"reference_url":"https://github.com/advisories/GHSA-fmr2-m7gc-577w","reference_id":"GHSA-fmr2-m7gc-577w","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fmr2-m7gc-577w"}],"fixed_packages":[],"aliases":["CVE-2026-2895","GHSA-fmr2-m7gc-577w"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhzu-quhs-c3dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56085?format=json","vulnerability_id":"VCID-bu27-6n4r-j7bf","summary":"Funadmin Cross-site Scripting vulnerability\nAn issue was found in funadmin 5.0.2. The selectfiles method in `\\backend\\controller\\sys\\Attachh.php` directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48228","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37726","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37764","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37794","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37791","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48228"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/31","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:02:03Z/"}],"url":"https://github.com/funadmin/funadmin/issues/31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48228","reference_id":"CVE-2024-48228","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48228"},{"reference_url":"https://github.com/advisories/GHSA-j9wp-x5q5-xh2f","reference_id":"GHSA-j9wp-x5q5-xh2f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j9wp-x5q5-xh2f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/775504?format=json","purl":"pkg:composer/funadmin/funadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-h19b-rapd-zyda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3"}],"aliases":["CVE-2024-48228","GHSA-j9wp-x5q5-xh2f"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bu27-6n4r-j7bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56079?format=json","vulnerability_id":"VCID-fewy-6yp9-8ue1","summary":"SQL injection in funadmin\nfunadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48229","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32501","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32399","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.3243","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32469","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48229"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/28","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:08:28Z/"}],"url":"https://github.com/funadmin/funadmin/issues/28"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48229","reference_id":"CVE-2024-48229","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48229"},{"reference_url":"https://github.com/advisories/GHSA-h345-r48x-g68f","reference_id":"GHSA-h345-r48x-g68f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h345-r48x-g68f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/775504?format=json","purl":"pkg:composer/funadmin/funadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-h19b-rapd-zyda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3"}],"aliases":["CVE-2024-48229","GHSA-h345-r48x-g68f"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fewy-6yp9-8ue1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56073?format=json","vulnerability_id":"VCID-fqy9-sahj-abd7","summary":"SQL injection in funadmin\nFunadmin v5.0.2 has a SQL injection vulnerability in `/curd/table/edit`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48222","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40516","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40461","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40491","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40518","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48222"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/22","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:45:28Z/"}],"url":"https://github.com/funadmin/funadmin/issues/22"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48222","reference_id":"CVE-2024-48222","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48222"},{"reference_url":"https://github.com/advisories/GHSA-5g66-93qv-565j","reference_id":"GHSA-5g66-93qv-565j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5g66-93qv-565j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/775504?format=json","purl":"pkg:composer/funadmin/funadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-h19b-rapd-zyda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3"}],"aliases":["CVE-2024-48222","GHSA-5g66-93qv-565j"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fqy9-sahj-abd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50292?format=json","vulnerability_id":"VCID-h19b-rapd-zyda","summary":"funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function\nA vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloud_account results in deserialization. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2898","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11235","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11114","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11194","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11228","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2898"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/I4m6da/CVE/issues/5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/"}],"url":"https://github.com/I4m6da/CVE/issues/5"},{"reference_url":"https://github.com/I4m6da/CVE/issues/5#issue-3890444166","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/"}],"url":"https://github.com/I4m6da/CVE/issues/5#issue-3890444166"},{"reference_url":"https://vuldb.com/?ctiid.347209","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/"}],"url":"https://vuldb.com/?ctiid.347209"},{"reference_url":"https://vuldb.com/?id.347209","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/"}],"url":"https://vuldb.com/?id.347209"},{"reference_url":"https://vuldb.com/?submit.753976","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:15:34Z/"}],"url":"https://vuldb.com/?submit.753976"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2898","reference_id":"CVE-2026-2898","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2898"},{"reference_url":"https://github.com/advisories/GHSA-gcxp-xg77-798j","reference_id":"GHSA-gcxp-xg77-798j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gcxp-xg77-798j"}],"fixed_packages":[],"aliases":["CVE-2026-2898","GHSA-gcxp-xg77-798j"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h19b-rapd-zyda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56077?format=json","vulnerability_id":"VCID-jvdn-x41a-quh3","summary":"SQL injection in funadmin\nFunadmin 5.0.2 is vulnerable to SQL Injection in `curd/table/savefield`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48226","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32501","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32399","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.3243","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32469","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48226"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/26","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:16:04Z/"}],"url":"https://github.com/funadmin/funadmin/issues/26"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48226","reference_id":"CVE-2024-48226","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48226"},{"reference_url":"https://github.com/advisories/GHSA-9gw3-qr2f-3vg5","reference_id":"GHSA-9gw3-qr2f-3vg5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9gw3-qr2f-3vg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/775504?format=json","purl":"pkg:composer/funadmin/funadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-h19b-rapd-zyda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3"}],"aliases":["CVE-2024-48226","GHSA-9gw3-qr2f-3vg5"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvdn-x41a-quh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44649?format=json","vulnerability_id":"VCID-mczj-gm74-ubdn","summary":"Funadmin vulnerable to SQL injection\nFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \\controller\\auth\\Auth.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24774","reference_id":"","reference_type":"","scores":[{"value":"0.01272","scoring_system":"epss","scoring_elements":"0.79876","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01272","scoring_system":"epss","scoring_elements":"0.79862","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01272","scoring_system":"epss","scoring_elements":"0.79887","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01272","scoring_system":"epss","scoring_elements":"0.79892","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24774"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/12","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-28T15:23:33Z/"}],"url":"https://github.com/funadmin/funadmin/issues/12"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24774","reference_id":"CVE-2023-24774","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24774"},{"reference_url":"https://github.com/advisories/GHSA-jx2x-fg9p-7gc7","reference_id":"GHSA-jx2x-fg9p-7gc7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jx2x-fg9p-7gc7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/642108?format=json","purl":"pkg:composer/funadmin/funadmin@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-35ct-q1yb-pybd"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-bu27-6n4r-j7bf"},{"vulnerability":"VCID-fewy-6yp9-8ue1"},{"vulnerability":"VCID-fqy9-sahj-abd7"},{"vulnerability":"VCID-h19b-rapd-zyda"},{"vulnerability":"VCID-jvdn-x41a-quh3"},{"vulnerability":"VCID-sgfb-bshy-x3dz"},{"vulnerability":"VCID-sr6g-h6c6-yudy"},{"vulnerability":"VCID-t11u-bkvq-6fh4"},{"vulnerability":"VCID-tcz1-xmbs-3bhd"},{"vulnerability":"VCID-y5b7-e9fx-1ubm"},{"vulnerability":"VCID-zuqp-dewf-pfew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1"}],"aliases":["CVE-2023-24774","GHSA-jx2x-fg9p-7gc7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mczj-gm74-ubdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44620?format=json","vulnerability_id":"VCID-qf1y-1mk4-7ugv","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \\member\\MemberLevel.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24781","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5077","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50719","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50703","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5075","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50764","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24781"},{"reference_url":"https://github.com/funadmin/funadmin/issues/8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T17:42:51Z/"}],"url":"https://github.com/funadmin/funadmin/issues/8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24781","reference_id":"CVE-2023-24781","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24781"},{"reference_url":"https://github.com/advisories/GHSA-vhrv-9f9g-rfrx","reference_id":"GHSA-vhrv-9f9g-rfrx","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vhrv-9f9g-rfrx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/642108?format=json","purl":"pkg:composer/funadmin/funadmin@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-35ct-q1yb-pybd"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-bu27-6n4r-j7bf"},{"vulnerability":"VCID-fewy-6yp9-8ue1"},{"vulnerability":"VCID-fqy9-sahj-abd7"},{"vulnerability":"VCID-h19b-rapd-zyda"},{"vulnerability":"VCID-jvdn-x41a-quh3"},{"vulnerability":"VCID-sgfb-bshy-x3dz"},{"vulnerability":"VCID-sr6g-h6c6-yudy"},{"vulnerability":"VCID-t11u-bkvq-6fh4"},{"vulnerability":"VCID-tcz1-xmbs-3bhd"},{"vulnerability":"VCID-y5b7-e9fx-1ubm"},{"vulnerability":"VCID-zuqp-dewf-pfew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1"}],"aliases":["CVE-2023-24781","GHSA-vhrv-9f9g-rfrx"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qf1y-1mk4-7ugv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56075?format=json","vulnerability_id":"VCID-sgfb-bshy-x3dz","summary":"SQL injection in funadmin\nfunadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of `\\backend\\controller\\auth\\Auth.php`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48230","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38734","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38762","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3879","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38786","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48230"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/30","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:06:47Z/"}],"url":"https://github.com/funadmin/funadmin/issues/30"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48230","reference_id":"CVE-2024-48230","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48230"},{"reference_url":"https://github.com/advisories/GHSA-2mv8-jjm5-f3hr","reference_id":"GHSA-2mv8-jjm5-f3hr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2mv8-jjm5-f3hr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/775504?format=json","purl":"pkg:composer/funadmin/funadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-h19b-rapd-zyda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3"}],"aliases":["CVE-2024-48230","GHSA-2mv8-jjm5-f3hr"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgfb-bshy-x3dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56080?format=json","vulnerability_id":"VCID-sr6g-h6c6-yudy","summary":"SQL injection in funadmin\nFunadmin v5.0.2 has an arbitrary file read vulnerability in `/curd/index/editfile`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48224","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39957","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39905","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39932","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3996","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48224"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/24","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-29T17:52:45Z/"}],"url":"https://github.com/funadmin/funadmin/issues/24"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48224","reference_id":"CVE-2024-48224","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48224"},{"reference_url":"https://github.com/advisories/GHSA-6j8f-88mh-r9vq","reference_id":"GHSA-6j8f-88mh-r9vq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6j8f-88mh-r9vq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/775504?format=json","purl":"pkg:composer/funadmin/funadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-h19b-rapd-zyda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3"}],"aliases":["CVE-2024-48224","GHSA-6j8f-88mh-r9vq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sr6g-h6c6-yudy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56074?format=json","vulnerability_id":"VCID-t11u-bkvq-6fh4","summary":"Logic flaw in Funadmin\nFunadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48227","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25265","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25141","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25199","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25249","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48227"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/27","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:11:11Z/"}],"url":"https://github.com/funadmin/funadmin/issues/27"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48227","reference_id":"CVE-2024-48227","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48227"},{"reference_url":"https://github.com/advisories/GHSA-r9v5-q97m-rj5g","reference_id":"GHSA-r9v5-q97m-rj5g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r9v5-q97m-rj5g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/775504?format=json","purl":"pkg:composer/funadmin/funadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-h19b-rapd-zyda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3"}],"aliases":["CVE-2024-48227","GHSA-r9v5-q97m-rj5g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t11u-bkvq-6fh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56041?format=json","vulnerability_id":"VCID-tcz1-xmbs-3bhd","summary":"SQL injection in funadmin\nFunadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \\app\\backend\\controller\\auth\\Auth.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48231","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34293","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34233","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34274","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34308","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48231"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/29","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-21T18:39:17Z/"}],"url":"https://github.com/funadmin/funadmin/issues/29"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48231","reference_id":"CVE-2024-48231","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48231"},{"reference_url":"https://github.com/advisories/GHSA-7pp4-388x-2xqj","reference_id":"GHSA-7pp4-388x-2xqj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7pp4-388x-2xqj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/775504?format=json","purl":"pkg:composer/funadmin/funadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-h19b-rapd-zyda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3"}],"aliases":["CVE-2024-48231","GHSA-7pp4-388x-2xqj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tcz1-xmbs-3bhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44633?format=json","vulnerability_id":"VCID-ttgh-zgrs-z7ac","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24777","reference_id":"","reference_type":"","scores":[{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48232","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48212","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48275","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48279","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.4826","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24777"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T18:43:26Z/"}],"url":"https://github.com/funadmin/funadmin/issues/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24777","reference_id":"CVE-2023-24777","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24777"},{"reference_url":"https://github.com/advisories/GHSA-pvp6-53r9-8vxh","reference_id":"GHSA-pvp6-53r9-8vxh","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pvp6-53r9-8vxh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/642108?format=json","purl":"pkg:composer/funadmin/funadmin@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-35ct-q1yb-pybd"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-bu27-6n4r-j7bf"},{"vulnerability":"VCID-fewy-6yp9-8ue1"},{"vulnerability":"VCID-fqy9-sahj-abd7"},{"vulnerability":"VCID-h19b-rapd-zyda"},{"vulnerability":"VCID-jvdn-x41a-quh3"},{"vulnerability":"VCID-sgfb-bshy-x3dz"},{"vulnerability":"VCID-sr6g-h6c6-yudy"},{"vulnerability":"VCID-t11u-bkvq-6fh4"},{"vulnerability":"VCID-tcz1-xmbs-3bhd"},{"vulnerability":"VCID-y5b7-e9fx-1ubm"},{"vulnerability":"VCID-zuqp-dewf-pfew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1"}],"aliases":["CVE-2023-24777","GHSA-pvp6-53r9-8vxh"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttgh-zgrs-z7ac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44627?format=json","vulnerability_id":"VCID-v9gy-vmmn-bkd7","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24782","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5077","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50719","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50703","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5075","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50764","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24782"},{"reference_url":"https://github.com/funadmin/funadmin/issues/3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T18:36:40Z/"}],"url":"https://github.com/funadmin/funadmin/issues/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24782","reference_id":"CVE-2023-24782","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24782"},{"reference_url":"https://github.com/advisories/GHSA-qhq8-2f3m-gxvp","reference_id":"GHSA-qhq8-2f3m-gxvp","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qhq8-2f3m-gxvp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/642108?format=json","purl":"pkg:composer/funadmin/funadmin@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-35ct-q1yb-pybd"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-bu27-6n4r-j7bf"},{"vulnerability":"VCID-fewy-6yp9-8ue1"},{"vulnerability":"VCID-fqy9-sahj-abd7"},{"vulnerability":"VCID-h19b-rapd-zyda"},{"vulnerability":"VCID-jvdn-x41a-quh3"},{"vulnerability":"VCID-sgfb-bshy-x3dz"},{"vulnerability":"VCID-sr6g-h6c6-yudy"},{"vulnerability":"VCID-t11u-bkvq-6fh4"},{"vulnerability":"VCID-tcz1-xmbs-3bhd"},{"vulnerability":"VCID-y5b7-e9fx-1ubm"},{"vulnerability":"VCID-zuqp-dewf-pfew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1"}],"aliases":["CVE-2023-24782","GHSA-qhq8-2f3m-gxvp"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9gy-vmmn-bkd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56082?format=json","vulnerability_id":"VCID-y5b7-e9fx-1ubm","summary":"SQL injection in funadmin\nFunadmin v5.0.2 has a SQL injection vulnerability in `/curd/table/list`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48218","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40516","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40461","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40491","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40518","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48218"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/21","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-29T17:44:11Z/"}],"url":"https://github.com/funadmin/funadmin/issues/21"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48218","reference_id":"CVE-2024-48218","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48218"},{"reference_url":"https://github.com/advisories/GHSA-h4px-9vmp-p7pv","reference_id":"GHSA-h4px-9vmp-p7pv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h4px-9vmp-p7pv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/775504?format=json","purl":"pkg:composer/funadmin/funadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-h19b-rapd-zyda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3"}],"aliases":["CVE-2024-48218","GHSA-h4px-9vmp-p7pv"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5b7-e9fx-1ubm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56083?format=json","vulnerability_id":"VCID-zuqp-dewf-pfew","summary":"SQL injection in funadmin\nFunadmin v5.0.2 has an arbitrary file deletion vulnerability in `/curd/index/delfile`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48225","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32348","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32249","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32279","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32317","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48225"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/25","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T20:18:25Z/"}],"url":"https://github.com/funadmin/funadmin/issues/25"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48225","reference_id":"CVE-2024-48225","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48225"},{"reference_url":"https://github.com/advisories/GHSA-vw6x-c5rg-jmjp","reference_id":"GHSA-vw6x-c5rg-jmjp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vw6x-c5rg-jmjp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/775504?format=json","purl":"pkg:composer/funadmin/funadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-h19b-rapd-zyda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@5.0.3"}],"aliases":["CVE-2024-48225","GHSA-vw6x-c5rg-jmjp"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zuqp-dewf-pfew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44617?format=json","vulnerability_id":"VCID-zzdd-fpz6-efgy","summary":"SQL Injection in Funadmin\nFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \\member\\Member.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24775","reference_id":"","reference_type":"","scores":[{"value":"0.11485","scoring_system":"epss","scoring_elements":"0.93755","published_at":"2026-06-08T12:55:00Z"},{"value":"0.11485","scoring_system":"epss","scoring_elements":"0.93747","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11485","scoring_system":"epss","scoring_elements":"0.93757","published_at":"2026-06-05T12:55:00Z"},{"value":"0.11485","scoring_system":"epss","scoring_elements":"0.93756","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24775"},{"reference_url":"https://github.com/funadmin/funadmin","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/funadmin/funadmin"},{"reference_url":"https://github.com/funadmin/funadmin/issues/9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-05T14:53:19Z/"}],"url":"https://github.com/funadmin/funadmin/issues/9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24775","reference_id":"CVE-2023-24775","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24775"},{"reference_url":"https://github.com/advisories/GHSA-v43v-pv95-jc55","reference_id":"GHSA-v43v-pv95-jc55","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v43v-pv95-jc55"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/642108?format=json","purl":"pkg:composer/funadmin/funadmin@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14y6-675h-rfex"},{"vulnerability":"VCID-35ct-q1yb-pybd"},{"vulnerability":"VCID-4fg7-a2ep-hbaf"},{"vulnerability":"VCID-6ex5-r7ck-nkgu"},{"vulnerability":"VCID-b9k4-kuhe-sug9"},{"vulnerability":"VCID-bhzu-quhs-c3dh"},{"vulnerability":"VCID-bu27-6n4r-j7bf"},{"vulnerability":"VCID-fewy-6yp9-8ue1"},{"vulnerability":"VCID-fqy9-sahj-abd7"},{"vulnerability":"VCID-h19b-rapd-zyda"},{"vulnerability":"VCID-jvdn-x41a-quh3"},{"vulnerability":"VCID-sgfb-bshy-x3dz"},{"vulnerability":"VCID-sr6g-h6c6-yudy"},{"vulnerability":"VCID-t11u-bkvq-6fh4"},{"vulnerability":"VCID-tcz1-xmbs-3bhd"},{"vulnerability":"VCID-y5b7-e9fx-1ubm"},{"vulnerability":"VCID-zuqp-dewf-pfew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@3.2.1"}],"aliases":["CVE-2023-24775","GHSA-v43v-pv95-jc55"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zzdd-fpz6-efgy"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/funadmin/funadmin@2.6.5"}