Description
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-21
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Account Compromise
Action: Apply Fix
AI Analysis

Impact

The vulnerability resides in funadmin's Member.php repass function, where manipulation of the forget_code or vercode arguments allows an attacker to trigger weak password recovery. This flaw can bypass proper verification, potentially giving an attacker the ability to reset or retrieve a user's password. Categorized as CWE-640 due to inadequate authorization checks, a successful exploit would enable unauthorized access to accounts, leading to confidentiality loss and possible privilege escalation.

Affected Systems

All installations of funadmin up to and including version 7.1.0-rc4 are affected, as the flaw exists within the repass routine of app/frontend/controller/Member.php. The vulnerability applies regardless of the operating environment because no platform constraints are specified, meaning every deployed instance of funadmin lacking an update could be vulnerable.

Risk and Exploitability

The CVSS score of 6.3 signals moderate severity, but the high attack complexity and the acknowledged difficulty of exploitation lower the immediate threat. The EPSS score of less than 1% indicates that, as of now, the probability of widespread attacks is low. However, although the vulnerability is not listed in the KEV catalog, a public exploit exists, so determined attackers could still target exposed systems remotely by crafting malicious requests to the password recovery endpoint.

Generated by OpenCVE AI on April 18, 2026 at 11:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade funadmin to a version newer than 7.1.0-rc4 to remove the vulnerable repass implementation.
  • Restrict access to the password recovery endpoint by enforcing stricter authorization checks, such as requiring authenticated sessions or secondary verification steps before allowing password resets.
  • Implement temporary hardening by disabling the vulnerable feature or adding custom token validation logic to ensure that only legitimate recovery requests are processed, thereby mitigating the risk until an official patch is applied.
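As an added illustration of the token validation the last action describes (this is hypothetical PHP written for this page, not funadmin's code and not taken from the advisory), the routine below issues a recovery code and verifies a submitted one with the checks a weak password-recovery mechanism (CWE-640) typically lacks: random code, hashed storage, expiry, attempt limit, constant-time comparison and single use. The function names, constants and record layout are assumptions.

```php
<?php
// Added example (not funadmin's code): hardened password-recovery code handling.
// The record layout, constants and function names are assumptions for this page.
declare(strict_types=1);

const RESET_CODE_TTL = 900;      // seconds a code stays valid (assumed policy)
const RESET_MAX_ATTEMPTS = 5;    // failed checks before the code is voided

/**
 * Issue a recovery code. Returns [plaintext to send to the user, record to persist].
 * Only a hash of the code is stored, so a leaked table does not leak usable codes.
 */
function issueResetCode(string $userId, int $now): array
{
    $code = bin2hex(random_bytes(16));            // 128 bits from the CSPRNG
    $record = [
        'user_id'   => $userId,
        'code_hash' => hash('sha256', $code),
        'expires'   => $now + RESET_CODE_TTL,
        'attempts'  => 0,
        'used'      => false,
    ];
    return [$code, $record];
}

/**
 * Verify a submitted code against the stored record. True only when the code is
 * present, the record is unexpired, unused and under the attempt limit, and the
 * hashes match in constant time. The record is mutated so a code works once.
 */
function verifyResetCode(array &$record, ?string $submitted, int $now): bool
{
    // Reject absent or empty input explicitly instead of comparing "" with "".
    if ($submitted === null || $submitted === '') {
        return false;
    }
    if ($record['used'] || $now > $record['expires']
        || $record['attempts'] >= RESET_MAX_ATTEMPTS) {
        return false;
    }
    $record['attempts']++;                         // count before comparing
    // hash_equals does not short-circuit, so timing does not reveal a prefix match.
    if (!hash_equals($record['code_hash'], hash('sha256', $submitted))) {
        return false;
    }
    $record['used'] = true;                        // single use: consume on success
    return true;
}
```

The account to reset must be taken from the record that the code resolves to (its user_id), never from a separate user-controlled parameter in the same request, and the updated record must be persisted before the new password is accepted.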

Advisories

  • Source: GitHub GHSA
    ID: GHSA-fmr2-m7gc-577w
    Title: funadmin has Weak Password Recovery Mechanism for Forgotten Password

History

Tue, 24 Feb 2026 16:45:00 +0000

  CPEs:
    cpe:2.3:a:funadmin:funadmin:7.1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:funadmin:funadmin:7.1.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:funadmin:funadmin:7.1.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:funadmin:funadmin:7.1.0:rc4:*:*:*:*:*:*

Mon, 23 Feb 2026 20:15:00 +0000

  Metrics:
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 21 Feb 2026 23:15:00 +0000

  Description:
    (the description shown at the top of this record)
  Title:
    funadmin Member.php repass password recovery
  First Time appeared:
    Funadmin
    Funadmin funadmin
  Weaknesses:
    CWE-640
  CPEs:
    cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*
  Vendors & Products:
    Funadmin
    Funadmin funadmin
  References:
    (none)
  Metrics:
    cvssV2_0: {'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
    cvssV3_0: {'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
    cvssV3_1: {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
    cvssV4_0: {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T19:27:18.883Z

Reserved: 2026-02-20T18:56:43.277Z

Link: CVE-2026-2895

Vulnrichment

Updated: 2026-02-23T19:27:07.887Z

NVD

Status: Analyzed

Published: 2026-02-21T23:15:59.990

Modified: 2026-02-24T16:42:44.140

Link: CVE-2026-2895

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T11:30:44Z

Weaknesses