PT-2023-19779 · Funadmin · Funadmin

Qbz95Aaa

·

Publicado

2023-03-08

·

Atualizado

2023-03-14

·

CVE-2023-24782

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Funadmin version 3.2.0
Description The issue is a SQL injection vulnerability that can be exploited via the id parameter at the "/databases/database/edit" API endpoint. This allows for potential unauthorized access and manipulation of database content.
Recommendations For Funadmin version 3.2.0, consider restricting access to the "/databases/database/edit" API endpoint until a patch is available, and avoid using the id parameter in this endpoint to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-24782
GHSA-QHQ8-2F3M-GXVP

Produtos afetados

Funadmin