Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \app\backend\controller\auth\Auth.php.
{ "github_reviewed_at": "2024-10-21T19:43:39Z", "severity": "HIGH", "cwe_ids": [ "CWE-89" ], "github_reviewed": true, "nvd_published_at": "2024-10-21T12:15:08Z" }