GSA_kwCzR0hTQS1qeDJ4LWZnOXAtN2djN84AAyBw

Critical EPSS: 0.00553% (0.66684 Percentile) EPSS:

Permalink JSON

Funadmin vulnerable to SQL injection

Affected Packages	Affected Versions	Fixed Versions
packagist:funadmin/funadmin	<= 3.2.0	No known fixed version
0 Dependent packages 0 Dependent repositories 853 Downloads total Affected Version Ranges All affected versions 1.5.0, 2.1.0, 2.2.6, 2.2.9, 2.2.10, 2.2.11, 2.2.12, 2.2.13, 2.2.14, 2.3.1, 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 3.0.1, 3.1.0, 3.1.1, 3.2.0

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php.

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-24774
https://github.com/funadmin/funadmin/issues/12
https://github.com/advisories/GHSA-jx2x-fg9p-7gc7

Identifiers

GHSA-jx2x-fg9p-7gc7

CVE-2023-24774

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.00553

EPSS Percentile: 0.66684

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/funadmin/funadmin

Date and time

Published

over 2 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories