إرسال #753972: funadmin v7.1.0-rc4 Missing Authorization (CWE-862)المعلومات

عنوانfunadmin v7.1.0-rc4 Missing Authorization (CWE-862)
الوصفIn app/backend/controller/Ajax.php, the setConfig function lacks proper authentication and authorization checks, resulting in an unauthorized access vulnerability. An attacker can invoke this function remotely without logging in by crafting a malicious request, allowing arbitrary modification of system configuration parameters.
المصدر⚠️ https://github.com/I4m6da/CVE/issues/3
المستخدم
 I4m6da (UID 95320)
ارسال07/02/2026 01:20 PM (4 أشهر منذ)
الاعتدال20/02/2026 07:57 PM (13 days later)
الحالةتمت الموافقة
إدخال VulDB347207 [funadmin حتى 7.1.0-rc4 Configuration Ajax.php setConfig تجاوز الصلاحيات]
النقاط19

التالي نظرة عامة السابق

Want to know what is going to be exploited?

We predict KEV entries!