Filtered by vendor Funadmin Subscriptions
Filtered by product Funadmin Subscriptions
Total 21 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-36097 1 Funadmin 1 Funadmin 2024-12-02 9.8 Critical
funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install.
CVE-2023-2477 1 Funadmin 1 Funadmin 2024-11-21 3.5 Low
A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227869 was assigned to this vulnerability.
CVE-2023-24782 1 Funadmin 1 Funadmin 2024-11-21 9.8 Critical
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.
CVE-2023-24781 1 Funadmin 1 Funadmin 2024-11-21 9.8 Critical
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php.
CVE-2023-24780 1 Funadmin 1 Funadmin 2024-11-21 9.8 Critical
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.
CVE-2023-24777 1 Funadmin 1 Funadmin 2024-11-21 9.8 Critical
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.
CVE-2023-24776 1 Funadmin 1 Funadmin 2024-11-21 9.8 Critical
Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php.
CVE-2023-24775 1 Funadmin 1 Funadmin 2024-11-21 9.8 Critical
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php.
CVE-2023-24774 1 Funadmin 1 Funadmin 2024-11-21 9.8 Critical
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php.
CVE-2023-24773 1 Funadmin 1 Funadmin 2024-11-21 9.8 Critical
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.
CVE-2024-48230 1 Funadmin 1 Funadmin 2024-10-31 9.8 Critical
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.
CVE-2024-48229 1 Funadmin 1 Funadmin 2024-10-31 9.8 Critical
funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.
CVE-2024-48227 1 Funadmin 1 Funadmin 2024-10-31 7.5 High
Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).
CVE-2024-48223 1 Funadmin 1 Funadmin 2024-10-31 9.8 Critical
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.
CVE-2024-48222 1 Funadmin 1 Funadmin 2024-10-31 9.8 Critical
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.
CVE-2024-48218 1 Funadmin 1 Funadmin 2024-10-31 9.8 Critical
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.
CVE-2024-48226 1 Funadmin 1 Funadmin 2024-10-31 9.8 Critical
Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.
CVE-2024-48225 1 Funadmin 1 Funadmin 2024-10-31 9.1 Critical
Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.
CVE-2024-48224 1 Funadmin 1 Funadmin 2024-10-31 7.5 High
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.
CVE-2024-48228 1 Funadmin 1 Funadmin 2024-10-28 6.1 Medium
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).