提交 #753972: funadmin v7.1.0-rc4 Missing Authorization (CWE-862)信息

标题funadmin v7.1.0-rc4 Missing Authorization (CWE-862)
描述In app/backend/controller/Ajax.php, the setConfig function lacks proper authentication and authorization checks, resulting in an unauthorized access vulnerability. An attacker can invoke this function remotely without logging in by crafting a malicious request, allowing arbitrary modification of system configuration parameters.
来源⚠️ https://github.com/I4m6da/CVE/issues/3
用户
 I4m6da (UID 95320)
提交2026-02-07 13時20分 (4 月前)
管理2026-02-20 19時57分 (13 days later)
状态已接受
VulDB条目347207 [funadmin 直到 7.1.0-rc4 Configuration Ajax.php setConfig 权限提升]
积分19

上一步一览下一步

Do you know our Splunk app?

Download it now for free!