Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fastadmin
(Fastadmin)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 8 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-12-13 | CVE-2021-43117 | fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. | Fastadmin | 9.8 | ||
2020-12-10 | CVE-2020-25967 | The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability. | Fastadmin | 8.8 | ||
2021-02-23 | CVE-2020-26609 | fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background. | Fastadmin | 5.4 | ||
2020-11-17 | CVE-2020-21665 | In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. | Fastadmin | 7.2 | ||
2019-04-11 | CVE-2019-11077 | FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI. | Fastadmin | N/A | ||
2019-10-10 | CVE-2019-17432 | An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter. | Fastadmin | N/A | ||
2019-10-10 | CVE-2019-17431 | An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability. | Fastadmin | N/A | ||
2018-04-21 | CVE-2018-10268 | An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter. | Fastadmin | 5.4 |