PT-2026-21400 · Funadmin · Funadmin

I4M6Da · Published 2026-02-21 · Updated 2026-02-27 · CVE-2026-2896

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

funadmin versions up to 7.1.0-rc4

Description

A weakness exists in funadmin that could lead to improper authorization. It results from a manipulation of the setConfig function in the file app/backend/controller/Ajax.php, part of the Configuration Handler component. The attack can be executed remotely. The exploit has been made publicly available. The vendor was contacted but did not respond.

Recommendations

Update funadmin to a version later than 7.1.0-rc4.

Exploit

Fix

Weakness Enumeration

Incorrect Privilege Assignment

Improper Authorization

Related identifiers

CVE-2026-2896
GHSA-5M2G-4CF6-C3RG

Affected products

Funadmin