7.5
CVE-2026-7733
- EPSS 0.29%
- Veröffentlicht 04.05.2026 06:16:02
- Zuletzt bearbeitet 05.05.2026 19:11:29
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
funadmin Frontend Chunked Upload Endpoint UploadService.php chunkUpload unrestricted upload
A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 59. To fix this issue, it is recommended to deploy a patch.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellern/a
≫
Produkt
funadmin
Version
7.1.0-rc1
Status
affected
Version
7.1.0-rc2
Status
affected
Version
7.1.0-rc3
Status
affected
Version
7.1.0-rc4
Status
affected
Version
7.1.0-rc5
Status
affected
Version
7.1.0-rc6
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.208 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 5.5 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://gitee.com/funadmin/funadmin/
https://gitee.com/funadmin/funadmin/issues/IJ8NXT
https://gitee.com/funadmin/funadmin/pulls/59
https://vuldb.com/submit/807559
https://vuldb.com/vuln/360908
https://vuldb.com/vuln/360908/cti