Submission #753972: funadmin v7.1.0-rc4 Missing Authorization (CWE-862) Info

Title: funadmin v7.1.0-rc4 Missing Authorization (CWE-862)
Description: In app/backend/controller/Ajax.php, the setConfig function lacks proper authentication and authorization checks, resulting in an unauthorized access vulnerability. An attacker can invoke this function remotely without logging in by crafting a malicious request, allowing arbitrary modification of system configuration parameters.
Source: ⚠️ https://github.com/I4m6da/CVE/issues/3
User: I4m6da (UID 95320)
Submitted: 2026-02-07 01:20 PM (4 months ago)
Moderation: 2026-02-20 07:57 PM (13 days later)
Status: Accepted
VulDB entry: 347207 [funadmin up to 7.1.0-rc4 Configuration Ajax.php setConfig privilege escalation]
Points: 19
