Vulnerabilities > Funadmin

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-22 | CVE-2023-36097 | Unrestricted Upload of File with Dangerous Type vulnerability in Funadmin 3.3.2/3.3.3. funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install. | network; low complexity; funadmin CWE-434; critical; 9.8 |
| 2023-05-02 | CVE-2023-2477 | Cross-site Scripting vulnerability in Funadmin. A vulnerability was found in Funadmin up to 3.2.3. | network; low complexity; funadmin CWE-79; 6.1 |
| 2023-03-10 | CVE-2023-24774 | SQL Injection vulnerability in Funadmin 3.2.0. Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php. | network; low complexity; funadmin CWE-89; critical; 9.8 |
| 2023-03-08 | CVE-2023-24777 | SQL Injection vulnerability in Funadmin 3.2.0. Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list. | network; low complexity; funadmin CWE-89; critical; 9.8 |
| 2023-03-08 | CVE-2023-24782 | SQL Injection vulnerability in Funadmin 3.2.0. Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit. | network; low complexity; funadmin CWE-89; critical; 9.8 |
| 2023-03-08 | CVE-2023-24773 | SQL Injection vulnerability in Funadmin 3.2.0. Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list. | network; low complexity; funadmin CWE-89; critical; 9.8 |
| 2023-03-08 | CVE-2023-24780 | SQL Injection vulnerability in Funadmin 3.2.0. Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns. | network; low complexity; funadmin CWE-89; critical; 9.8 |
| 2023-03-07 | CVE-2023-24775 | SQL Injection vulnerability in Funadmin 3.2.0. Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php. | network; low complexity; funadmin CWE-89; critical; 9.8 |
| 2023-03-07 | CVE-2023-24781 | SQL Injection vulnerability in Funadmin 3.2.0. Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php. | network; low complexity; funadmin CWE-89; critical; 9.8 |
| 2023-03-06 | CVE-2023-24776 | Unspecified vulnerability in Funadmin 3.2.0. Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php. | network; low complexity; funadmin; critical; 9.8 |