SQL Injection Vulnerability in Funadmin Version 3.2.0 by Funadmin
CVE-2023-24781

9.8CRITICAL

Key Information:

Vendor

Funadmin

Status
Funadmin
Vendor
CVE Published:
7 March 2023

What is CVE-2023-24781?

Funadmin version 3.2.0 is susceptible to a SQL injection vulnerability through the 'selectFields' parameter located in the member level management script. This flaw may allow unauthorized users to manipulate database queries, potentially gaining access to sensitive information or altering database content. It's critical for users to apply security best practices and ensure timely updates to mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/funadmin/funadmin/issues/8

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.