GSA_kwCzR0hTQS12NDN2LXB2OTUtamM1Nc4AAx-F

Critical EPSS: 0.58311% (0.98021 Percentile) EPSS:

Permalink JSON

SQL Injection in Funadmin

Affected Packages	Affected Versions	Fixed Versions
packagist:funadmin/funadmin	<= 3.2.0	No known fixed version
0 Dependent packages 0 Dependent repositories 853 Downloads total Affected Version Ranges All affected versions 1.5.0, 2.1.0, 2.2.6, 2.2.9, 2.2.10, 2.2.11, 2.2.12, 2.2.13, 2.2.14, 2.3.1, 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 3.0.1, 3.1.0, 3.1.1, 3.2.0

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php.

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-24775
https://github.com/funadmin/funadmin/issues/9
https://github.com/advisories/GHSA-v43v-pv95-jc55

Identifiers

GHSA-v43v-pv95-jc55

CVE-2023-24775

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.58311

EPSS Percentile: 0.98021

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/funadmin/funadmin

Date and time

Published

over 2 years ago

Updated

5 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories