CVE-2026-2894 | funadmin up to 7.1.0-rc4 forget.html getMember information disclosure

Inserito da Angelo Barbosa | Feb 20, 2026 | CVE

A vulnerability was found in funadmin up to 7.1.0-rc4 and classified as problematic. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure.

This vulnerability is traded as CVE-2026-2894. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2894 | funadmin up to 7.1.0-rc4 forget.html getMember information disclosure

Post correlati

CVE-2024-54357 | ThemeFusion Avada Plugin up to 7.11.10 on WordPress cross-site request forgery

CVE-2024-36832 | D-Link DAP-1513 1.01 /bin/webs null pointer dereference

CVE-2024-0054 | AXIS OS 6.50/11.8 VAPIX API local_list.cgi resource consumption

CVE-2024-5262 | ProjectDiscovery Interactsh up to 1.1.9 file access