GSA_kwCzR0hTQS03ZzUzLWpqMjUtamhncs4AAx9K

Critical EPSS: 0.01361% (0.79048 Percentile) EPSS:

Permalink JSON

Remote code execution in Funadmin

Affected Packages	Affected Versions	Fixed Versions
packagist:funadmin/funadmin	<= 3.2.0	No known fixed version
0 Dependent packages 0 Dependent repositories 853 Downloads total Affected Version Ranges All affected versions 1.5.0, 2.1.0, 2.2.6, 2.2.9, 2.2.10, 2.2.11, 2.2.12, 2.2.13, 2.2.14, 2.3.1, 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 3.0.1, 3.1.0, 3.1.1, 3.2.0

Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php.

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-24776
https://github.com/funadmin/funadmin/issues/7
https://github.com/advisories/GHSA-7g53-jj25-jhgr

Identifiers

GHSA-7g53-jj25-jhgr

CVE-2023-24776

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.01361

EPSS Percentile: 0.79048

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/funadmin/funadmin

Date and time

Published

over 2 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories