PT-2024-33038 · Funadmin · Funadmin
Lvzcho · Published 2024-10-25 · Updated 2025-06-10 · CVE-2024-48228
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
funadmin version 5.0.2
Description
An issue was found in the selectfiles method in backend\controller\sys\Attachh.php, which stores the passed parameter names and values directly into the param parameter without filtering, resulting in Cross-Site Scripting (XSS).
Recommendations
For funadmin version 5.0.2, consider disabling the selectfiles method in backend\controller\sys\Attachh.php until a patch is available, to prevent Cross-Site Scripting (XSS) attacks. Restrict access to the Attachh.php file to minimize the risk of exploitation. Avoid using the param parameter in the affected method until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
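As an added illustration (not Funadmin's own code, which this record does not reproduce), a hypothetical controller method modelled on the described weak pattern is shown beside a hardened form; the parameter names in ALLOWED_PARAMS and the h() helper are assumptions.

```php
<?php
// Added illustration, not Funadmin's code: a hypothetical selectfiles-style method
// in its weak form and a hardened form, plus a constructed sample request.

// Weak pattern: every request parameter is copied into $param unfiltered and later
// interpolated into HTML, so a crafted value reaches the page as live markup.
function selectfiles_weak(array $request): string
{
    $param = [];
    foreach ($request as $key => $value) {
        $param[$key] = $value;                     // no filtering at all
    }
    $html = '<ul>';
    foreach ($param as $key => $value) {
        $html .= "<li>{$key}: {$value}</li>";      // raw interpolation into HTML
    }
    return $html . '</ul>';
}

// Hardened pattern: accept only expected keys and escape every key and value for the
// HTML context at the point where it is written out.
const ALLOWED_PARAMS = ['path', 'type', 'page'];   // assumed parameter names

function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function selectfiles_hardened(array $request): string
{
    $param = [];
    foreach (ALLOWED_PARAMS as $key) {
        if (isset($request[$key]) && is_string($request[$key])) {
            $param[$key] = $request[$key];
        }
    }
    $html = '<ul>';
    foreach ($param as $key => $value) {
        $html .= '<li>' . h($key) . ': ' . h($value) . '</li>';
    }
    return $html . '</ul>';
}

// Constructed sample request: the 'type' value carries a script tag, 'debug' is unexpected.
$sample = ['path' => '/uploads', 'type' => '<script>alert(1)</script>', 'debug' => '1'];

echo selectfiles_weak($sample), PHP_EOL;       // tag emitted verbatim: browser executes it
echo selectfiles_hardened($sample), PHP_EOL;   // tag emitted as &lt;script&gt;...; 'debug' dropped
```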
Affected Products
Funadmin