Funadmin
Monthly
Funadmin up to version 7.1.0-rc4 contains an unsafe deserialization vulnerability in the AuthCloudService.php getMember function that allows authenticated remote attackers to manipulate the cloud_account parameter and execute arbitrary code. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
Funadmin versions up to 7.1.0 contains a vulnerability that allows attackers to improper authorization (CVSS 7.3).
Funadmin versions up to 7.1.0-rc4 contain an information disclosure vulnerability in the password recovery function that allows unauthenticated remote attackers to access sensitive user data. Public exploit code is available for this vulnerability, and the vendor has not released a patch despite early notification. The low CVSS score of 5.3 reflects limited impact, though organizations running affected versions should implement compensating controls until an update is available.
Funadmin up to version 7.1.0-rc4 contains an unsafe deserialization vulnerability in the AuthCloudService.php getMember function that allows authenticated remote attackers to manipulate the cloud_account parameter and execute arbitrary code. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
Funadmin versions up to 7.1.0 contains a vulnerability that allows attackers to improper authorization (CVSS 7.3).
Funadmin versions up to 7.1.0-rc4 contain an information disclosure vulnerability in the password recovery function that allows unauthenticated remote attackers to access sensitive user data. Public exploit code is available for this vulnerability, and the vendor has not released a patch despite early notification. The low CVSS score of 5.3 reflects limited impact, though organizations running affected versions should implement compensating controls until an update is available.