A vulnerability was found in funadmin up to 7.1.0-rc4. It has been classified as problematic. Affected by this issue is the function repass of the file app/frontend/controller/Member.php.
Manipulation of the argument forget_code/vercode results in weak password recovery.
This vulnerability is known as CVE-2026-2895. The attack can be carried out remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.