Vulnerabilities > Funadmin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-25 | CVE-2024-48218 | SQL Injection vulnerability in Funadmin 5.0.2 Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list. | 7.2 |
| 2024-10-25 | CVE-2024-48222 | SQL Injection vulnerability in Funadmin 5.0.2 Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit. | 7.2 |
| 2024-10-25 | CVE-2024-48223 | SQL Injection vulnerability in Funadmin 5.0.2 Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist. | 7.2 |
| 2024-10-25 | CVE-2024-48224 | Path Traversal vulnerability in Funadmin 5.0.2 Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile. | 4.9 |
| 2024-10-25 | CVE-2024-48225 | Unspecified vulnerability in Funadmin 5.0.2 Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile. | 6.5 |
| 2024-10-25 | CVE-2024-48226 | SQL Injection vulnerability in Funadmin 5.0.2 Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield. | 7.2 |
| 2024-10-25 | CVE-2024-48227 | Unspecified vulnerability in Funadmin 5.0.2 Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS). | 4.9 |
| 2024-10-25 | CVE-2024-48229 | SQL Injection vulnerability in Funadmin 5.0.2 funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin. | 7.2 |
| 2024-10-25 | CVE-2024-48230 | SQL Injection vulnerability in Funadmin 5.0.2 funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php. | 7.2 |
| 2023-06-22 | CVE-2023-36097 | Unrestricted Upload of File with Dangerous Type vulnerability in Funadmin 3.3.2/3.3.3 funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install. | 9.8 |