Submit #753972: funadmin v7.1.0-rc4 Missing Authorization (CWE-862)info

Titelfunadmin v7.1.0-rc4 Missing Authorization (CWE-862)
BeschreibungIn app/backend/controller/Ajax.php, the setConfig function lacks proper authentication and authorization checks, resulting in an unauthorized access vulnerability. An attacker can invoke this function remotely without logging in by crafting a malicious request, allowing arbitrary modification of system configuration parameters.
Quelle⚠️ https://github.com/I4m6da/CVE/issues/3
Benutzer
 I4m6da (UID 95320)
Einreichung07.02.2026 13:20 (vor 4 Monaten)
Moderieren20.02.2026 19:57 (13 days later)
StatusAkzeptiert
VulDB Eintrag347207 [funadmin bis 7.1.0-rc4 Configuration Ajax.php setConfig erweiterte Rechte]
Punkte19

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!