GSA_kwCzR0hTQS1wdnA2LTUzcjktOHZ4aM4AAyAe

Critical EPSS: 0.00065% (0.20535 Percentile) EPSS:

Permalink JSON

SQL Injection in Funadmin

Affected Packages	Affected Versions	Fixed Versions
packagist:funadmin/funadmin	<= 3.2.0	No known fixed version
0 Dependent packages 0 Dependent repositories 853 Downloads total Affected Version Ranges All affected versions 1.5.0, 2.1.0, 2.2.6, 2.2.9, 2.2.10, 2.2.11, 2.2.12, 2.2.13, 2.2.14, 2.3.1, 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 3.0.1, 3.1.0, 3.1.1, 3.2.0

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-24777
https://github.com/funadmin/funadmin/issues/5
https://github.com/advisories/GHSA-pvp6-53r9-8vxh

Identifiers

GHSA-pvp6-53r9-8vxh

CVE-2023-24777

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.00065

EPSS Percentile: 0.20535

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/funadmin/funadmin

Date and time

Published

over 2 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories