CVE-2024-48228
Published
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).
全栈AI MCP开发框架🔥🔥🔥FunAdmin是基于ThinkPHP8Layui开发的轻量级高颜值后台开发系统,集成Layui常用组件、CRUD生成快速模块,非常适合二开, 点击star支持下吧
GitHub