#git

The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. "The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust architecture," CERT-UA said. "These emails contain attachments in the form of Remote Desktop Protocol ('.rdp'

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.

funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.

Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.

Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.

Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.

Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).