Fastadmin
CVE-2019-17432
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter.
AnalysisAI
An issue was discovered in fastadmin 1.0.0.20190705_beta. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter. Affected products include: Fastadmin.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access.
The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vu
An issue was discovered in fastadmin 1.0.0.20190705_beta. Rated high severity (CVSS 8.8), this vulnerability is remotely
FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 UR
An issue was discovered in FastAdmin V1.0.0.20180417_beta. Rated medium severity (CVSS 5.4), this vulnerability is remot
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Rated medium sev
A vulnerability was found in FastAdmin 1.5.0.20240328. Rated medium severity (CVSS 5.1), this vulnerability is remotely
In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be pas
SQL injection in FastAdmin up to version 1.7.0.20250506 allows high-privilege authenticated attackers to execute arbitra
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today