CVE-2024-48228 Information

Nov 01, 2024 cve

Description

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering resulting in Cross Site Scripting (XSS).

Reference

https://github.com/funadmin/funadmin/issues/31

Share on: