| Título | funadmin v7.1.0-rc4 Missing Authorization (CWE-862) |
|---|
| Descripción | In app/backend/controller/Ajax.php, the setConfig function lacks proper authentication and authorization checks, resulting in an unauthorized access vulnerability.
An attacker can invoke this function remotely without logging in by crafting a malicious request, allowing arbitrary modification of system configuration parameters. |
|---|
| Fuente | ⚠️ https://github.com/I4m6da/CVE/issues/3 |
|---|
| Usuario | I4m6da (UID 95320) |
|---|
| Sumisión | 2026-02-07 13:20 (hace 4 meses) |
|---|
| Moderación | 2026-02-20 19:57 (13 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 347207 [funadmin hasta 7.1.0-rc4 Configuration Ajax.php setConfig escalada de privilegios] |
|---|
| Puntos | 19 |
|---|