Funadmin ≫ Funadmin

Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.

Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.

Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.

Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php.

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install.

A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be ...

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php.

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.