| Название | funadmin v7.1.0-rc4 Missing Authorization (CWE-862) |
|---|
| Описание | In app/backend/controller/Ajax.php, the setConfig function lacks proper authentication and authorization checks, resulting in an unauthorized access vulnerability.
An attacker can invoke this function remotely without logging in by crafting a malicious request, allowing arbitrary modification of system configuration parameters. |
|---|
| Источник | ⚠️ https://github.com/I4m6da/CVE/issues/3 |
|---|
| Пользователь | I4m6da (UID 95320) |
|---|
| Представление | 07.02.2026 13:20 (4 месяцы назад) |
|---|
| Модерация | 20.02.2026 19:57 (13 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 347207 [funadmin до 7.1.0-rc4 Configuration Ajax.php setConfig эскалация привилегий] |
|---|
| Баллы | 19 |
|---|