Miggo Logo
Miggo Vulnerability Database
CVE-2023-24775

CVE-2023-24775: SQL Injection in Funadmin

9.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-24775
GHSA ID
GHSA-v43v-pv95-jc55
EPSS Score
0.98067%
CWE
CWE-89
Published
3/7/2023
Updated
3/5/2025
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
funadmin/funadmincomposer<= 3.2.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability arises because the application's selectList method (Curd.php) accepts the 'selectFields' parameter from the user and passes it to the ORM's field() method (BaseQuery.php). The field() method directly incorporates this input into SQL queries without sanitization. The GitHub issue explicitly traces this flow, demonstrating that unsanitized input reaches the SQL construction phase. While the ORM's field() method is designed to handle trusted input, the application's failure to validate() or escape the user-controlled 'selectFields' parameter before passing it to this method makes both the application-layer method (selectList) and the ORM method (field) part of the vulnerable code path.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*un**min v*.*.* w*s *is*ov*r** to *ont*in * SQL inj**tion vuln*r**ility vi* t** s*l**t*i*l*s p*r*m*t*r *t \m*m**r\M*m**r.p*p.

Reasoning

T** vuln*r**ility *ris*s ****us* t** *ppli**tion's `s*l**tList` m*t*o* (`*ur*.p*p`) ****pts t** 's*l**t*i*l*s' p*r*m*t*r *rom t** us*r *n* p*ss*s it to t** ORM's `*i*l*()` m*t*o* (`**s*Qu*ry.p*p`). T** `*i*l*()` m*t*o* *ir**tly in*orpor*t*s t*is inpu