Funadmin/funadmin
This hub aggregates every CVE we track for Funadmin/funadmin, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
25
CVEs tracked
9
Critical
8
High
0
In CISA KEV
Severity distribution
CRITICAL9HIGH8MEDIUM6LOW2
Monthly trend
0
0
0
11
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
5
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Funadmin/funadmin.
- CVE-2026-2898funadmin Backend Endpoint AuthCloudService.php getMember deserialization5.5
- CVE-2026-2897funadmin Backend index.html cross site scripting2.4
- CVE-2026-2896funadmin Configuration Ajax.php setConfig improper authorization7.3
- CVE-2026-2895funadmin Member.php repass password recovery3.7
- CVE-2026-2894funadmin forget.html getMember information disclosure5.3
- CVE-2024-48228An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resu...6.1
- CVE-2024-48229funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.7.2
- CVE-2024-48226Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.7.2
- CVE-2024-48224Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.4.9
- CVE-2024-48227Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).4.9
- CVE-2024-48222Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.7.2
- CVE-2024-48230funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.7.2
- CVE-2024-48225Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.6.5
- CVE-2024-48218Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.7.2
- CVE-2024-48223Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.7.2
Product normalization is registry-driven with AI assist and human review. How it works