Skip to main content

Funadmin CVE-2024-48227

MEDIUM
2024-10-25 cve@mitre.org
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 25, 2024 - 21:15 nvd
MEDIUM 4.9

DescriptionNVD

Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).

AnalysisAI

Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS). Affected products include: Funadmin.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-36097 CRITICAL POC
9.8 Jun 22

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install. Rated critical severity (CVSS

CVE-2023-24774 CRITICAL POC
9.8 Mar 10

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\au

CVE-2023-24777 CRITICAL POC
9.8 Mar 08

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list. R

CVE-2023-24782 CRITICAL POC
9.8 Mar 08

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit

CVE-2023-24773 CRITICAL POC
9.8 Mar 08

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list

CVE-2023-24780 CRITICAL POC
9.8 Mar 08

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns

CVE-2023-24775 CRITICAL POC
9.8 Mar 07

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member

CVE-2023-24781 CRITICAL POC
9.8 Mar 07

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member

CVE-2023-24776 CRITICAL POC
9.8 Mar 06

Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addo

CVE-2024-48230 HIGH POC
7.2 Oct 25

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\a

CVE-2024-48226 HIGH POC
7.2 Oct 25

Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield. Rated high severity (CVSS 7.2), this vulnerabilit

CVE-2024-48223 HIGH POC
7.2 Oct 25

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist. Rated high severity (CVSS 7.2), this vulnera

Share

CVE-2024-48227 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy