CVE-2026-2895

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 3.7 LOW
CVSS v2.0 2.6 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/I4m6da/CVE/issues/2	Exploit Issue Tracking
https://github.com/I4m6da/CVE/issues/2#issue-3884919985	Exploit Issue Tracking
https://vuldb.com/?ctiid.347206	Permissions Required VDB Entry
https://vuldb.com/?id.347206	Third Party Advisory VDB Entry
https://vuldb.com/?submit.753971	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:funadmin:funadmin::::::::
	cpe:2.3:a:funadmin:funadmin:7.1.0:rc1::::::
	cpe:2.3:a:funadmin:funadmin:7.1.0:rc2::::::
	cpe:2.3:a:funadmin:funadmin:7.1.0:rc3::::::
	cpe:2.3:a:funadmin:funadmin:7.1.0:rc4::::::

History

No history.

Information

Published : 2026-02-21 23:15

Updated : 2026-02-24 16:42

NVD link : CVE-2026-2895

Mitre link : CVE-2026-2895

CVE.ORG link : CVE-2026-2895

JSON object : View

Products Affected

funadmin

funadmin

CWE

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

{"id": "CVE-2026-2895", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-21T23:15:59.990", "references": [{"url": "https://github.com/I4m6da/CVE/issues/2", "tags": ["Exploit", "Issue Tracking"], "source": "cna@vuldb.com"}, {"url": "https://github.com/I4m6da/CVE/issues/2#issue-3884919985", "tags": ["Exploit", "Issue Tracking"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.347206", "tags": ["Permissions Required", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.347206", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.753971", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-640"}]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha descubierto una falla de seguridad en funadmin hasta 7.1.0-rc4. La cual afecta a la funci\u00f3n repass del archivo app/frontend/controller/Member.PHP. Manipular el argumento forget_code/vercode provoca una recuperaci\u00f3n de contrase\u00f1a d\u00e9bil. Es posible explotar el ataque en remoto. El ataque est\u00e1 calificado de complejidad alta y se sabe que es dif\u00edcil de explotar. El exploit ha sido publicado y puede ser utilizado para ataques. El proveedor fue contactado con antelaci\u00f3n sobre esta divulgaci\u00f3n pero no respondi\u00f3 de ninguna manera."}], "lastModified": "2026-02-24T16:42:44.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67A1D507-8F8E-4C10-B5CB-D08DE081AF77", "versionEndExcluding": "7.1.0"}, {"criteria": "cpe:2.3:a:funadmin:funadmin:7.1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D14B5D13-CC64-43DE-A709-150D9284D19C"}, {"criteria": "cpe:2.3:a:funadmin:funadmin:7.1.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BF7A984-32FB-4957-8151-47FC4C2CB9CA"}, {"criteria": "cpe:2.3:a:funadmin:funadmin:7.1.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "518EE1E1-CD85-4784-94E5-D7DF735BFF56"}, {"criteria": "cpe:2.3:a:funadmin:funadmin:7.1.0:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "303D805A-EEC2-44FE-BB54-8B336EA8A3E7"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}