115 matches found
Command execution vulnerability exists in FastAdmin (CNVD-2021-37445)
FastAdmin is an extremely fast backend development framework based on ThinkPHP and Bootstrap. FastAdmin suffers from a command execution vulnerability. An attacker can exploit this vulnerability to gain server privileges...
FastAdmin framework RCE vulnerability
...
Command Execution Vulnerability in FastAdmin of Shenzhen Extreme Creative Technology Co.
FastAdmin is an extremely fast backend development framework based on ThinkPHP5+Bootstrap. Shenzhen Extreme Creative Technology Co. FastAdmin has a command execution vulnerability that can be exploited by an attacker to gain control of the server...
fastadmin cross-site scripting vulnerability (CNVD-2021-13219)
fastadmin is a web backend development framework based on ThinkPHP and Bootstrap. A cross-site scripting vulnerability exists in fastadmin V1.0.0.20200506beta, which stems from the lack of proper validation of client-side data in WEB applications. An attacker can obtain administrator credentials ...
CVE-2020-26609
fastadmin V1.0.0.20200506beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background...
CVE-2020-26609
fastadmin V1.0.0.20200506beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background...
Cross site scripting
fastadmin V1.0.0.20200506beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background...
CVE-2020-26609
CVE-2020-26609: A cross-site scripting (XSS) vulnerability in fastadmin V1.0.0.20200506_beta may allow an attacker to obtain administrator credentials to log in to the backend. The source documents do not specify a patch or remediation, and no explicit exploit details are provided beyond this description.
CVE-2020-26609
fastadmin V1.0.0.20200506beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background...
fastadmin cross-site scripting vulnerability
fastadmin is a web backend development framework based on ThinkPHP and Bootstrap. A cross-site scripting vulnerability exists in fastadmin V1.0.0.20200506beta, which stems from the lack of proper validation of client-side data in WEB applications. An attacker can obtain administrator credentials ...
CVE-2020-25967
The member center function in fastadmin V1.0.0.20200506beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability...
CVE-2020-25967
The member center function in fastadmin V1.0.0.20200506beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability...
SQL injection
The member center function in fastadmin V1.0.0.20200506beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability...
CVE-2020-25967
The CVE refers to fastadmin, version 1.0.0.20200506_beta, with a Server-Side Template Injection (SSTI) in the member center function. The connected records reiterate this SSTI description but do not provide root cause details, affected subcomponents beyond the member center, or any remediation/wo...
CVE-2020-25967
The member center function in fastadmin V1.0.0.20200506beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability...
Fastadmin Code Injection Vulnerability
fastadmin is a website backend development framework based on ThinkPHP and Bootstrap. Fastadmin V1.0.0.20200506 beta has a security vulnerability that attackers can exploit to carry out server-side template injection (SSTI) attacks...
CVE-2020-21665
In fastadmin V1.0.0.20191212beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh...
CVE-2020-21665
In fastadmin V1.0.0.20191212beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh...
SQL injection
In fastadmin V1.0.0.20191212beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh...
CVE-2020-21665
In fastadmin v1.0.0.20191212_beta, an authenticated administrator can perform SQL injection via a crafted parameter in the URL /admin/ajax/weigh. This CVE (CVE-2020-21665) is documented in multiple sources (NVD, Red Hat security page, OSV, CVE listing) with CVSS v2 base score 6.5 (Mediu...