Fastadmin
CVE-2020-25967
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.
AnalysisAI
The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-74. The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability. Affected products include: Fastadmin.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access.
An issue was discovered in fastadmin 1.0.0.20190705_beta. Rated high severity (CVSS 8.8), this vulnerability is remotely
FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 UR
An issue was discovered in fastadmin 1.0.0.20190705_beta. Rated medium severity (CVSS 6.5), this vulnerability is remote
An issue was discovered in FastAdmin V1.0.0.20180417_beta. Rated medium severity (CVSS 5.4), this vulnerability is remot
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Rated medium sev
A vulnerability was found in FastAdmin 1.5.0.20240328. Rated medium severity (CVSS 5.1), this vulnerability is remotely
In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be pas
SQL injection in FastAdmin up to version 1.7.0.20250506 allows high-privilege authenticated attackers to execute arbitra
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today