Product:

Fastadmin

(Fastadmin)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 8
Date Id Summary Products Score Patch Annotated
2021-12-13 CVE-2021-43117 fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. Fastadmin 9.8
2020-12-10 CVE-2020-25967 The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability. Fastadmin 8.8
2021-02-23 CVE-2020-26609 fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background. Fastadmin 5.4
2020-11-17 CVE-2020-21665 In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. Fastadmin 7.2
2019-04-11 CVE-2019-11077 FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI. Fastadmin N/A
2019-10-10 CVE-2019-17432 An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter. Fastadmin N/A
2019-10-10 CVE-2019-17431 An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability. Fastadmin N/A
2018-04-21 CVE-2018-10268 An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter. Fastadmin 5.4