| Titre | funadmin v7.1.0-rc4 Missing Authorization (CWE-862) |
|---|
| Description | In app/backend/controller/Ajax.php, the setConfig function lacks proper authentication and authorization checks, resulting in an unauthorized access vulnerability.
An attacker can invoke this function remotely without logging in by crafting a malicious request, allowing arbitrary modification of system configuration parameters. |
|---|
| La source | ⚠️ https://github.com/I4m6da/CVE/issues/3 |
|---|
| Utilisateur | I4m6da (UID 95320) |
|---|
| Soumission | 07/02/2026 13:20 (il y a 4 mois) |
|---|
| Modérer | 20/02/2026 19:57 (13 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 347207 [funadmin jusqu’à 7.1.0-rc4 Configuration Ajax.php setConfig élévation de privilèges] |
|---|
| Points | 19 |
|---|