Submeter #753972: funadmin v7.1.0-rc4 Missing Authorization (CWE-862)informação

Títulofunadmin v7.1.0-rc4 Missing Authorization (CWE-862)
DescriçãoIn app/backend/controller/Ajax.php, the setConfig function lacks proper authentication and authorization checks, resulting in an unauthorized access vulnerability. An attacker can invoke this function remotely without logging in by crafting a malicious request, allowing arbitrary modification of system configuration parameters.
Fonte⚠️ https://github.com/I4m6da/CVE/issues/3
Utilizador
 I4m6da (UID 95320)
Submissão07/02/2026 13h20 (há 4 meses)
Moderação20/02/2026 19h57 (13 days later)
EstadoAceite
Entrada VulDB347207 [funadmin até 7.1.0-rc4 Configuration Ajax.php setConfig Elevação de Privilégios]
Pontos19

VoltarVisão GeralPróximo

Want to know what is going to be exploited?

We predict KEV entries!