An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://github.com/funadmin/funadmin/issues/31 | Exploit Issue Tracking |
Configurations
History
10 Jun 2025, 18:46
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Funadmin funadmin
Funadmin |
|
| CPE | cpe:2.3:a:funadmin:funadmin:5.0.2:*:*:*:*:*:*:* | |
| References | () https://github.com/funadmin/funadmin/issues/31 - Exploit, Issue Tracking |
25 Oct 2024, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-10-25 22:15
Updated : 2025-06-10 18:46
NVD link : CVE-2024-48228
Mitre link : CVE-2024-48228
JSON object : View
Products Affected
funadmin
- funadmin
CWE
No CWE.