16 matches found
CVE-2025-14966
A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a manipulation of the argument custom/searchField can lead to SQL injection. It is possible to...
EUVD-2019-2782
Malware in sbrugna...
EUVD-2019-7824
Malware in sbrugna...
EUVD-2020-18597
Malware in sbrugna...
CVE-2024-7928
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploi...
CVE-2020-25967
The member center function in fastadmin V1.0.0.20200506beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability...
CVE-2020-26609
fastadmin V1.0.0.20200506beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background...
CVE-2019-17431
An issue was discovered in fastadmin 1.0.0.20190705beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability...
FastAdmin Path Traversal Vulnerability
FastAdmin is a web backend development framework based on ThinkPHP and Bootstrap. FastAdmin suffers from a path traversal vulnerability, which stems from the program failing to properly filter special elements in the path of a resource or file. An attacker can exploit this vulnerability to...
CVE-2024-7928
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploi...
fastadmin cross-site scripting vulnerability (CNVD-2021-13219)
fastadmin is a web backend development framework based on ThinkPHP and Bootstrap. A cross-site scripting vulnerability exists in fastadmin V1.0.0.20200506beta, which stems from the lack of proper validation of client-side data in web applications. An attacker can obtain administrator credentials ...
CVE-2020-25967
The member center function in fastadmin V1.0.0.20200506beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability...
fastadmin SQL Injection Vulnerability
fastadmin is a web backend development framework based on ThinkPHP and Bootstrap. A SQL injection vulnerability exists in fastadmin-tp6 v1.0, which originates in the app management controller Ajax.php file, where the passed table parameters are not filtered. An attacker can exploit this...
CVE-2019-17432
An issue was discovered in fastadmin 1.0.0.20190705beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the rowname parameter...
Cross-site request forgery (CSRF)
FastAdmin V1.0.0.20190111beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI...
CVE-2019-11077
FastAdmin V1.0.0.20190111beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI...