The vulnerability chain starts in Index.php's add() method, which receives attacker-controlled 'joinTable' input. This input is passed to CurdService's makeController() method, where it is directly interpolated into SQL statements without sanitization. Both functions are critical to the exploit: Index::add propagates tainted data, while CurdService::makeController executes unsafe SQL construction. The GitHub issue explicitly identifies these components, and the described behavior aligns with CWE-89 (raw user input in SQL).
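
The interpolation pattern described above, next to one way to close it, as an added example that is not funadmin's code. The function names, the `article`/`category` schema and the in-memory SQLite database are assumptions made so the block runs offline.

```php
<?php
declare(strict_types=1);

// Added illustration, not funadmin code. Table names, function names and the
// in-memory SQLite schema are constructed for the example.

// Vulnerable pattern: request input becomes part of the SQL text (CWE-89).
function buildJoinUnsafe(string $joinTable): string
{
    return "SELECT a.id FROM article a LEFT JOIN {$joinTable} j ON j.id = a.cate_id";
}

// Hardened pattern: identifiers cannot be bound as parameters, so the name is
// checked against a strict pattern and against the tables that really exist.
function resolveTable(PDO $db, string $joinTable): string
{
    if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,63}\z/', $joinTable)) {
        throw new InvalidArgumentException('joinTable is not a valid identifier');
    }
    // The lookup itself uses a bound parameter (SQLite catalogue here; on
    // MySQL the equivalent lookup is information_schema.tables).
    $stmt = $db->prepare("SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?");
    $stmt->execute([$joinTable]);
    $known = $stmt->fetchColumn();
    if ($known === false) {
        throw new InvalidArgumentException('joinTable is not a known table');
    }
    return '"' . $known . '"'; // quote the catalogue's value, not the request's
}

function buildJoinSafe(PDO $db, string $joinTable): string
{
    return 'SELECT a.id FROM article a LEFT JOIN ' . resolveTable($db, $joinTable) . ' j ON j.id = a.cate_id';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE article (id INTEGER PRIMARY KEY, cate_id INTEGER)');
$db->exec('CREATE TABLE category (id INTEGER PRIMARY KEY, title TEXT)');

// Constructed inputs: one legitimate table name, one that carries extra SQL text.
foreach (['category', 'category j ON 1=1 --'] as $input) {
    echo "input:  {$input}\nunsafe: ", buildJoinUnsafe($input), "\n";
    try {
        echo 'safe:   ', buildJoinSafe($db, $input), "\n\n";
    } catch (InvalidArgumentException $e) {
        echo 'safe:   rejected (', $e->getMessage(), ")\n\n";
    }
}
```
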

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| funadmin/funadmin | composer | <= 5.0.2 | |