GSA_kwCzR0hTQS03cG1oLThxamotNHEzNs4AAx_c

Critical EPSS: 0.00248% (0.47963 Percentile) EPSS:

Permalink JSON

SQL Injection in Funadmin

Affected Packages	Affected Versions	Fixed Versions
packagist:funadmin/funadmin	<= 3.2.0	No known fixed version
0 Dependent packages 0 Dependent repositories 853 Downloads total Affected Version Ranges All affected versions 1.5.0, 2.1.0, 2.2.6, 2.2.9, 2.2.10, 2.2.11, 2.2.12, 2.2.13, 2.2.14, 2.3.1, 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 3.0.1, 3.1.0, 3.1.1, 3.2.0

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-24780
https://github.com/funadmin/funadmin/issues/6
https://github.com/advisories/GHSA-7pmh-8qjj-4q36

Identifiers

GHSA-7pmh-8qjj-4q36

CVE-2023-24780

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.00248

EPSS Percentile: 0.47963

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/funadmin/funadmin

Date and time

Published

over 2 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories