funadmin Improper Authorization Vulnerability in Configuration Handler

Vulnerability

A vulnerability allowing unauthorized modification of configuration has been identified in funadmin versions through 7.1.0-rc4. The issue resides in the setConfig function within app/backend/controller/Ajax.php, where inadequate authentication and authorization checks permit a remote attacker to alter system configuration without logging in.

Impact

Exploitation of this vulnerability allows arbitrary changes to system configuration settings, which could lead to further security risks or system mismanagement.

Reproduction

The vulnerability can be reproduced by sending a request to the setConfig function in app/backend/controller/Ajax.php without authentication. Because the authorization checks are missing, an unauthenticated request that reaches the function is accepted, allowing unauthorized users to access and modify configuration settings.
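As an added illustration of the control the advisory describes as missing (this is not funadmin's own code; the function, permission and config-key names are hypothetical stand-ins), here is the unguarded shape of such a handler beside a hardened version that authenticates, authorizes and validates before touching configuration:

```php
<?php
// Added illustration, not funadmin's code. isLoggedIn-style session keys,
// 'config:write', CONFIG_ALLOWLIST and $saveConfigValue are hypothetical.

const CONFIG_ALLOWLIST = ['site_name', 'site_title', 'upload_max_size'];

/** Unguarded form: any request that reaches this method is honoured. */
function setConfigUnguarded(array $request, callable $saveConfigValue): array
{
    $saveConfigValue((string)($request['name'] ?? ''), (string)($request['value'] ?? ''));
    return ['code' => 1, 'msg' => 'ok', 'http' => 200];
}

/** Hardened form: authenticate, authorize, then validate before writing. */
function setConfigGuarded(array $request, array $session, callable $saveConfigValue): array
{
    // 1. Authentication: a backend session must exist.
    if (empty($session['admin_id'])) {
        return ['code' => 0, 'msg' => 'login required', 'http' => 401];
    }
    // 2. Authorization: the caller must hold the config-write permission.
    if (!in_array('config:write', $session['permissions'] ?? [], true)) {
        return ['code' => 0, 'msg' => 'forbidden', 'http' => 403];
    }
    // 3. State change only over POST with a non-empty, matching CSRF token.
    $tok = (string)($session['csrf_token'] ?? '');
    if (($request['method'] ?? 'GET') !== 'POST'
        || $tok === '' || !hash_equals($tok, (string)($request['csrf_token'] ?? ''))) {
        return ['code' => 0, 'msg' => 'bad request', 'http' => 400];
    }
    // 4. Input validation: only known keys, bounded values.
    $name  = (string)($request['name'] ?? '');
    $value = (string)($request['value'] ?? '');
    if (!in_array($name, CONFIG_ALLOWLIST, true) || strlen($value) > 255) {
        return ['code' => 0, 'msg' => 'invalid config key or value', 'http' => 422];
    }
    $saveConfigValue($name, $value);
    return ['code' => 1, 'msg' => 'ok', 'http' => 200];
}

// Demo with an in-memory store and constructed requests/sessions.
$store = [];
$save  = function (string $k, string $v) use (&$store) { $store[$k] = $v; };
$req   = ['method' => 'POST', 'name' => 'site_name', 'value' => 'Example'];
$admin = ['admin_id' => 1, 'permissions' => ['config:write'], 'csrf_token' => 't0k'];

var_dump(setConfigUnguarded($req, $save)['http']);                       // no session needed
var_dump(setConfigGuarded($req, [], $save)['http']);                     // anonymous caller
var_dump(setConfigGuarded($req + ['csrf_token' => 't0k'], $admin, $save)['http']);
var_dump($store);
```

The first guarded call is rejected before any write happens, while the unguarded form writes regardless of who is calling, which is the condition the advisory describes.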

Added: Feb 22, 2026, 12:18 AM
Updated: Feb 22, 2026, 12:18 AM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:         2.5
exploitability: 6.0
remediation:    7.7
relevance:      3.3
threat:         6.4
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.