SQL Injection Vulnerability in Funadmin Product by Funadmin
CVE-2023-24780

9.8CRITICAL

Key Information:

Vendor: Funadmin
Status: Funadmin
Vendor: CVE Published:; 8 March 2023

What is CVE-2023-24780?

Funadmin v3.2.0 is impacted by a SQL injection vulnerability stemming from improper handling of the 'id' parameter in the endpoint /databases/table/columns. This flaw can potentially allow an attacker to manipulate database queries, leading to unauthorized access to sensitive data or an alteration of the database. It is essential for users of Funadmin to promptly assess their installations and apply necessary mitigations to safeguard their systems.

References

https://github.com/funadmin/funadmin/issues/6

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 8, 2023
Vulnerability Reserved
Jan 30, 2023

CVE-2023-24780 Data

JSON