Fastadmin
by Fastadmin
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10268 | Med | 0.35 | 5.4 | 0.01 | Apr 22, 2018 | An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter. | ||
| CVE-2025-14966 | Med | 0.31 | 4.7 | 0.00 | Dec 19, 2025 | A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a manipulation of the argument custom/searchField can lead to sql injection.… | ||
| CVE-2024-7928 | 0.07 | — | 0.17 | Aug 19, 2024 | A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched… | |||
| CVE-2024-7453 | 0.00 | — | 0.00 | Aug 4, 2024 | A vulnerability was found in FastAdmin 1.5.0.20240328. It has been declared as problematic. This vulnerability affects unknown code of the file /[admins_url].php/general/attachment/edit/ids/4?dialog=1 of the component Attachment Management Section. The manipulation of the… | |||
| CVE-2021-43117 | 0.00 | — | 0.02 | Dec 13, 2021 | fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. | |||
| CVE-2020-26609 | 0.00 | — | 0.01 | Feb 23, 2021 | fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background. | |||
| CVE-2020-25967 | 0.00 | — | 0.01 | Dec 10, 2020 | The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability. | |||
| CVE-2020-21665 | 0.00 | — | 0.01 | Nov 17, 2020 | In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. | |||
| CVE-2019-17431 | 0.00 | — | 0.01 | Oct 10, 2019 | An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability. | |||
| CVE-2019-17432 | 0.00 | — | 0.01 | Oct 10, 2019 | An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter. | |||
| CVE-2019-11077 | 0.00 | — | 0.01 | Apr 11, 2019 | FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI. |
- risk 0.35cvss 5.4epss 0.01
An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter.
- risk 0.31cvss 4.7epss 0.00
A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a manipulation of the argument custom/searchField can lead to sql injection.…
- CVE-2024-7928Aug 19, 2024risk 0.07cvss —epss 0.17
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched…
- CVE-2024-7453Aug 4, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in FastAdmin 1.5.0.20240328. It has been declared as problematic. This vulnerability affects unknown code of the file /[admins_url].php/general/attachment/edit/ids/4?dialog=1 of the component Attachment Management Section. The manipulation of the…
- CVE-2021-43117Dec 13, 2021risk 0.00cvss —epss 0.02
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access.
- CVE-2020-26609Feb 23, 2021risk 0.00cvss —epss 0.01
fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background.
- CVE-2020-25967Dec 10, 2020risk 0.00cvss —epss 0.01
The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.
- CVE-2020-21665Nov 17, 2020risk 0.00cvss —epss 0.01
In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh.
- CVE-2019-17431Oct 10, 2019risk 0.00cvss —epss 0.01
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability.
- CVE-2019-17432Oct 10, 2019risk 0.00cvss —epss 0.01
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter.
- CVE-2019-11077Apr 11, 2019risk 0.00cvss —epss 0.01
FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI.