CVE-2026-2894
Received
Received - Intake
Information Disclosure in funadmin getMember Function (Remote Exploit
Publication date: 2026-02-21
Last updated on: 2026-02-24
Assigner: VulDB
Description
Description
A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| funadmin | funadmin | to 7.1.0 (exc) |
| funadmin | funadmin | 7.1.0 |
| funadmin | funadmin | 7.1.0 |
| funadmin | funadmin | 7.1.0 |
| funadmin | funadmin | 7.1.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
