GSA_kwCzR0hTQS12aHJ2LTlmOWctcmZyeM4AAx99

Critical EPSS: 0.00071% (0.22456 Percentile) EPSS:

Permalink JSON

SQL Injection in Funadmin

Affected Packages	Affected Versions	Fixed Versions
packagist:funadmin/funadmin	<= 3.2.0	No known fixed version
0 Dependent packages 0 Dependent repositories 853 Downloads total Affected Version Ranges All affected versions 1.5.0, 2.1.0, 2.2.6, 2.2.9, 2.2.10, 2.2.11, 2.2.12, 2.2.13, 2.2.14, 2.3.1, 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 3.0.1, 3.1.0, 3.1.1, 3.2.0

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php.

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-24781
https://github.com/funadmin/funadmin/issues/8
https://github.com/advisories/GHSA-vhrv-9f9g-rfrx

Identifiers

GHSA-vhrv-9f9g-rfrx

CVE-2023-24781

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.00071

EPSS Percentile: 0.22456

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/funadmin/funadmin

Date and time

Published

over 2 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories