CVE-2026-7733 | funadmin up to 7.1.0-rc6 Frontend Chunked Upload Endpoint UploadService.php chunkUpload File unrestricted upload (ID 59)

A vulnerability, which was classified as critical, has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload.

This vulnerability is tracked as CVE-2026-7733. The attack is possible to be carried out remotely. Moreover, an exploit is present.

To fix this issue, it is recommended to deploy a patch.VulDB Recent EntriesRead More