115 matches found
CVE-2020-21665
fastadmin v1.0.0.20191212_beta is vulnerable to SQL injection by an authenticated administrator via a crafted parameter in the URL /admin/ajax/weigh. This CVE (CVE-2020-21665) is documented in multiple sources (NVD, Red Hat security page, OSV, CVE listing) with CVSS v2 base score 6.5 (Mediu...
fastadmin SQL Injection Vulnerability
fastadmin is a website backend development framework based on ThinkPHP and Bootstrap. A SQL injection vulnerability exists in fastadmin V1.0.0.20191212 beta, which stems from a malicious parameter that can be passed in the URL admin ajax for SQL injection when a user with administrator...
fastadmin SQL Injection Vulnerability
fastadmin is a web backend development framework based on ThinkPHP and Bootstrap. A SQL injection vulnerability exists in fastadmin-tp6 v1.0, which originates in the app management controller Ajax.php file, where the passed table parameters are not filtered. An attacker can exploit this...
CVE-2020-21667
In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection...
CVE-2020-21667
In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection...
SQL injection
In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection...
CVE-2020-21667
In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection...
CVE-2020-21667
CVE-2020-21667 affects fastadmin-tp6 v1.0, where the Ajax.php file’s table parameter is not filtered, enabling SQL injection. The vulnerability arises from unsanitized input passed to the database layer, per multiple connected records (NVD, Red Hat, CNVD/CVE listings, GitLab file). Exploitatio...
SQL Injection
In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection...
File Upload Vulnerability in FastAdmin Fileix File Manager Backend
FastAdmin Fileix is a webix-based file manager. Fileix has an intuitive interface that allows you to work with any of your files or folders. A file upload vulnerability exists in the backend of FastAdmin Fileix File Manager. An attacker can exploit this vulnerability to upload...
Command execution vulnerability in FastAdmin backend (CNVD-2020-58827)
FastAdmin is an extremely fast backend development framework based on ThinkPHP and Bootstrap, and a permission management system based on Auth validation. FastAdmin backend has a command execution vulnerability that can be exploited by an attacker to gain control of the server...
CVE-2019-17432
An issue was discovered in fastadmin 1.0.0.20190705beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter...
CVE-2019-17432
An issue was discovered in fastadmin 1.0.0.20190705beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter...
CVE-2019-17431
An issue was discovered in fastadmin 1.0.0.20190705beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability...
CVE-2019-17431
An issue was discovered in fastadmin 1.0.0.20190705beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability...
Cross-site request forgery (CSRF)
An issue was discovered in fastadmin 1.0.0.20190705beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter...
Cross-site request forgery (CSRF)
An issue was discovered in fastadmin 1.0.0.20190705beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability...
CVE-2019-17431
An issue was discovered in fastadmin 1.0.0.20190705beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability...
CVE-2019-17431
The CVE-2019-17431 entry concerns fastadmin version 1.0.0.20190705_beta, noting a CSRF vulnerability in the public/index.php/admin/auth/admin/add endpoint. The connected documents reiterate the same description and do not provide technical details on root cause, affected module internals, patch v...
CVE-2019-17432
The CVE-2019-17432 issue affects fastadmin 1.0.0.20190705_beta, describing a public/admin/general.config/edit CSRF vulnerability that can result in XSS via the row[name] parameter. The connected sources consistently report the CSRF flaw in this specific version, with no additional details on expl...