Security Advisories - funadmin/funadmin

funadmin/funadmin Security Advisories for v3.x-dev (16)

[LOW] funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function

PKSA-rzcm-2t96-zr56 CVE-2026-2898 GHSA-gcxp-xg77-798j

Affected version: <=7.1.0-rc4

Reported by:
GitHub
[LOW] funadmin: XSS through Value argument in Backend Interface component

PKSA-z36f-6d88-bjdd CVE-2026-2897 GHSA-rfh7-7v27-6p9r

Affected version: <=7.1.0-rc4

Reported by:
GitHub
[MEDIUM] funadmin has Incorrect Privilege Assignment in its Configuration Handler

PKSA-dwjy-41q2-31rt CVE-2026-2896 GHSA-5m2g-4cf6-c3rg

Affected version: <=7.1.0-rc4

Reported by:
GitHub
[LOW] funadmin has Weak Password Recovery Mechanism for Forgotten Password

PKSA-j1rx-v5j5-4zrh CVE-2026-2895 GHSA-fmr2-m7gc-577w

Affected version: <=7.1.0-rc4

Reported by:
GitHub
[MEDIUM] funadmin exposes sensitive information via getMember function

PKSA-46y2-3dk3-ygyt CVE-2026-2894 GHSA-8hhx-xq9j-xwfj

Affected version: <=7.1.0-rc4

Reported by:
GitHub
[LOW] Funadmin Cross-site Scripting vulnerability

PKSA-nc45-f82j-74m7 CVE-2024-48228 GHSA-j9wp-x5q5-xh2f

Affected version: <=5.0.2

Reported by:
GitHub
[HIGH] SQL injection in funadmin

PKSA-nk92-cdr6-7w2w CVE-2024-48230 GHSA-2mv8-jjm5-f3hr

Affected version: <=5.0.2

Reported by:
GitHub
[HIGH] SQL injection in funadmin

PKSA-mxrz-4hkg-3h8r CVE-2024-48229 GHSA-h345-r48x-g68f

Affected version: <=5.0.2

Reported by:
GitHub
[HIGH] SQL injection in funadmin

PKSA-59vr-s2ft-5k3y CVE-2024-48224 GHSA-6j8f-88mh-r9vq

Affected version: <=5.0.2

Reported by:
GitHub
[HIGH] Logic flaw in Funadmin

PKSA-cpn7-71x8-t5j8 CVE-2024-48227 GHSA-r9v5-q97m-rj5g

Affected version: <=5.0.2

Reported by:
GitHub
[HIGH] SQL injection in funadmin

PKSA-xd9h-8x7f-w3ky CVE-2024-48226 GHSA-9gw3-qr2f-3vg5

Affected version: <=5.0.2

Reported by:
GitHub
[HIGH] SQL injection in funadmin

PKSA-24k8-87m6-b6gs CVE-2024-48225 GHSA-vw6x-c5rg-jmjp

Affected version: <=5.0.2

Reported by:
GitHub
[HIGH] SQL injection in funadmin

PKSA-phnz-xtt4-f7rp CVE-2024-48223 GHSA-x2fr-vj74-5h35

Affected version: <=5.0.2

Reported by:
GitHub
[HIGH] SQL injection in funadmin

PKSA-3k68-pkvb-hzjf CVE-2024-48222 GHSA-5g66-93qv-565j

Affected version: <=5.0.2

Reported by:
GitHub
[HIGH] SQL injection in funadmin

PKSA-g1j1-f88w-twmr CVE-2024-48218 GHSA-h4px-9vmp-p7pv

Affected version: <=5.0.2

Reported by:
GitHub
[HIGH] SQL injection in funadmin

PKSA-d4hs-9h6z-k34y CVE-2024-48231 GHSA-7pp4-388x-2xqj

Affected version: <=5.0.2

Reported by:
GitHub

funadmin/funadmin Security Advisories for v3.x-dev (16)

[LOW] funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function

[LOW] funadmin: XSS through Value argument in Backend Interface component

[MEDIUM] funadmin has Incorrect Privilege Assignment in its Configuration Handler

[LOW] funadmin has Weak Password Recovery Mechanism for Forgotten Password

[MEDIUM] funadmin exposes sensitive information via getMember function

[LOW] Funadmin Cross-site Scripting vulnerability

[HIGH] SQL injection in funadmin

[HIGH] SQL injection in funadmin

[HIGH] SQL injection in funadmin

[HIGH] Logic flaw in Funadmin

[HIGH] SQL injection in funadmin

[HIGH] SQL injection in funadmin

[HIGH] SQL injection in funadmin

[HIGH] SQL injection in funadmin

[HIGH] SQL injection in funadmin

[HIGH] SQL injection in funadmin