115 matches found

CNVD
added 2021/05/11 12:0 a.m., 2 views

Command execution vulnerability exists in FastAdmin (CNVD-2021-37445)

FastAdmin is an extremely fast backend development framework based on ThinkPHP and Bootstrap. FastAdmin suffers from a command execution vulnerability. An attacker can exploit this vulnerability to gain server privileges...

7.5 AI score
Exploits: 0

seebug.org
added 2021/04/02 12:0 a.m., 715 views

FastAdmin framework RCE vulnerability

...

1.2 AI score
Exploits: 0

CNVD
added 2021/03/28 12:0 a.m., 3 views

Command Execution Vulnerability in FastAdmin of Shenzhen Extreme Creative Technology Co.

FastAdmin is an extremely fast backend development framework based on ThinkPHP5+Bootstrap. FastAdmin, from Shenzhen Extreme Creative Technology Co., has a command execution vulnerability that an attacker can exploit to gain control of the server...

7.5 AI score
Exploits: 0

CNVD
added 2021/02/25 12:0 a.m., 8 views

fastadmin cross-site scripting vulnerability (CNVD-2021-13219)

fastadmin is a web backend development framework based on ThinkPHP and Bootstrap. A cross-site scripting vulnerability exists in fastadmin V1.0.0.20200506beta, which stems from the lack of proper validation of client-side data in WEB applications. An attacker can obtain administrator credentials ...

5.4 CVSS | 6 AI score | 0.00905 EPSS
Exploits: 1 | References: 1

NVD
added 2021/02/23 5:15 p.m., 11 views

CVE-2020-26609

fastadmin V1.0.0.20200506beta contains a cross-site scripting XSS vulnerability which may allow an attacker to obtain administrator credentials to log in to the background...

5.4 CVSS | 0.00905 EPSS
Exploits: 1 | References: 3

OSV
added 2021/02/23 5:15 p.m., 7 views

CVE-2020-26609

fastadmin V1.0.0.20200506beta contains a cross-site scripting XSS vulnerability which may allow an attacker to obtain administrator credentials to log in to the background...

5.4 CVSS | 5.7 AI score
Exploits: 0 | References: 3

Prion
added 2021/02/23 5:15 p.m., 14 views

Cross site scripting

fastadmin V1.0.0.20200506beta contains a cross-site scripting XSS vulnerability which may allow an attacker to obtain administrator credentials to log in to the background...

3.5 CVSS | 5.2 AI score | 0.00905 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2021/02/23 4:38 p.m., 41 views

CVE-2020-26609

CVE-2020-26609: A cross-site scripting (XSS) vulnerability in fastadmin V1.0.0.20200506_beta may allow an attacker to obtain administrator credentials to log in to the backend. Documents do not specify a fixed patch or remediations; no explicit exploit details are provided beyond this description.

5.4 CVSS | 5.2 AI score | 0.00905 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2021/02/23 4:38 p.m., 19 views

CVE-2020-26609

fastadmin V1.0.0.20200506beta contains a cross-site scripting XSS vulnerability which may allow an attacker to obtain administrator credentials to log in to the background...

5.2 AI score | 0.00905 EPSS
Exploits: 1 | References: 3

CNNVD
added 2021/02/23 12:0 a.m., 6 views

fastadmin cross-site scripting vulnerability

fastadmin is a web backend development framework based on ThinkPHP and Bootstrap. A cross-site scripting vulnerability exists in fastadmin V1.0.0.20200506beta, which stems from the lack of proper validation of client-side data in WEB applications. An attacker can obtain administrator credentials ...

5.4 CVSS | 5.9 AI score | 0.00905 EPSS
Exploits: 1 | References: 3

NVD
added 2020/12/10 11:15 p.m., 17 views

CVE-2020-25967

The member center function in fastadmin V1.0.0.20200506beta is vulnerable to a Server-Side Template Injection SSTI vulnerability...

8.8 CVSS | 8.8 AI score | 0.01274 EPSS
Exploits: 1 | References: 1

OSV
added 2020/12/10 11:15 p.m., 4 views

CVE-2020-25967

The member center function in fastadmin V1.0.0.20200506beta is vulnerable to a Server-Side Template Injection SSTI vulnerability...

8.8 CVSS | 7.1 AI score
Exploits: 0 | References: 1

Prion
added 2020/12/10 11:15 p.m., 10 views

Sql injection

The member center function in fastadmin V1.0.0.20200506beta is vulnerable to a Server-Side Template Injection SSTI vulnerability...

6.5 CVSS | 8.7 AI score | 0.01274 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2020/12/10 9:7 p.m., 65 views

CVE-2020-25967

The CVE refers to fastadmin, version 1.0.0.20200506_beta, with a Server-Side Template Injection (SSTI) in the member center function. The connected records reiterate this SSTI description but do not provide root cause details, affected subcomponents beyond the member center, or any remediation/wo...

8.8 CVSS | 8.7 AI score | 0.01274 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2020/12/10 9:7 p.m., 18 views

CVE-2020-25967

The member center function in fastadmin V1.0.0.20200506beta is vulnerable to a Server-Side Template Injection SSTI vulnerability...

8.8 AI score | 0.01274 EPSS
Exploits: 1 | References: 1

CNNVD
added 2020/12/10 12:0 a.m., 6 views

Fastadmin Code Injection Vulnerability

fastadmin is a website backend development framework based on ThinkPHP and Bootstrap. Fastadmin V1.0.0.20200506 beta has a security vulnerability that attackers can exploit to carry out server-side template injection (SSTI) attacks...

8.8 CVSS | 7.3 AI score | 0.01274 EPSS
Exploits: 1 | References: 2

OSV
added 2020/11/17 3:15 p.m., 11 views

CVE-2020-21665

In fastadmin V1.0.0.20191212beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh...

7.2 CVSS | 7.9 AI score
Exploits: 0 | References: 1

NVD
added 2020/11/17 3:15 p.m., 22 views

CVE-2020-21665

In fastadmin V1.0.0.20191212beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh...

7.2 CVSS | 7.4 AI score | 0.00948 EPSS
Exploits: 0 | References: 1

Prion
added 2020/11/17 3:15 p.m., 11 views

Sql injection

In fastadmin V1.0.0.20191212beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh...

6.5 CVSS | 7.4 AI score | 0.00948 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/11/17 2:58 p.m., 47 views

CVE-2020-21665

In fastadmin v1.0.0.20191212_beta, authenticated administrators can be vulnerable to SQL injection via a crafted parameter in the URL /admin/ajax/weigh. This CVE (CVE-2020-21665) is documented in multiple sources (NVD, RH Red Hat security page, OSV, CVE listing) with CVSS v2 base score 6.5 (Mediu...

7.2 CVSS | 7.3 AI score | 0.00948 EPSS
Exploits: 0 | References: 1 | Affected Software: 1