Vulnerabilities > Funadmin > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-22 | CVE-2023-36097 | Unrestricted Upload of File with Dangerous Type vulnerability in Funadmin 3.3.2/3.3.3 funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install. | 9.8 |
| 2023-03-10 | CVE-2023-24774 | SQL Injection vulnerability in Funadmin 3.2.0 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php. | 9.8 |
| 2023-03-08 | CVE-2023-24777 | SQL Injection vulnerability in Funadmin 3.2.0 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list. | 9.8 |
| 2023-03-08 | CVE-2023-24782 | SQL Injection vulnerability in Funadmin 3.2.0 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit. | 9.8 |
| 2023-03-08 | CVE-2023-24773 | SQL Injection vulnerability in Funadmin 3.2.0 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list. | 9.8 |
| 2023-03-08 | CVE-2023-24780 | SQL Injection vulnerability in Funadmin 3.2.0 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns. | 9.8 |
| 2023-03-07 | CVE-2023-24775 | SQL Injection vulnerability in Funadmin 3.2.0 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php. | 9.8 |
| 2023-03-07 | CVE-2023-24781 | SQL Injection vulnerability in Funadmin 3.2.0 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php. | 9.8 |
| 2023-03-06 | CVE-2023-24776 | Unspecified vulnerability in Funadmin 3.2.0 Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php. | 9.8 |