PT-2024-33030 · Funadmin · Funadmin

Lvzcho

Published

2024-10-25

Updated

2024-10-31

CVE-2024-48218

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Funadmin version 5.0.2

Description The issue is a SQL injection vulnerability located in the /curd/table/list API endpoint. This vulnerability can potentially be exploited to extract or modify sensitive data from the database.

Recommendations For Funadmin version 5.0.2, consider restricting access to the /curd/table/list API endpoint until a patch is available. As a temporary workaround, avoid using parameters that may trigger the SQL injection in the affected endpoint.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2024-48218

GHSA-H4PX-9VMP-P7PV

Affected Products

Funadmin

PT-2024-33030 · Funadmin · Funadmin

CVE-2024-48218

Weakness Enumeration

Related Identifiers

Affected Products

References · 8