ghsa

Nope is a JavaScript validator. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). This vulnerability is fixed in 0.12.1.

An issue was found in funadmin 5.0.2. The selectfiles method in `\backend\controller\sys\Attachh.php` directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.

funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.

Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.

Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.

Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.