Fastadmin
CVE-2019-11077
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI.
AnalysisAI
FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI. Affected products include: Fastadmin.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access.
The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vu
An issue was discovered in fastadmin 1.0.0.20190705_beta. Rated high severity (CVSS 8.8), this vulnerability is remotely
An issue was discovered in fastadmin 1.0.0.20190705_beta. Rated medium severity (CVSS 6.5), this vulnerability is remote
An issue was discovered in FastAdmin V1.0.0.20180417_beta. Rated medium severity (CVSS 5.4), this vulnerability is remot
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Rated medium sev
A vulnerability was found in FastAdmin 1.5.0.20240328. Rated medium severity (CVSS 5.1), this vulnerability is remotely
In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be pas
SQL injection in FastAdmin up to version 1.7.0.20250506 allows high-privilege authenticated attackers to execute arbitra
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today