Fastadmin
CVE-2021-43117
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access.
AnalysisAI
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. Affected products include: Fastadmin.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vu
An issue was discovered in fastadmin 1.0.0.20190705_beta. Rated high severity (CVSS 8.8), this vulnerability is remotely
FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 UR
An issue was discovered in fastadmin 1.0.0.20190705_beta. Rated medium severity (CVSS 6.5), this vulnerability is remote
An issue was discovered in FastAdmin V1.0.0.20180417_beta. Rated medium severity (CVSS 5.4), this vulnerability is remot
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Rated medium sev
A vulnerability was found in FastAdmin 1.5.0.20240328. Rated medium severity (CVSS 5.1), this vulnerability is remotely
In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be pas
SQL injection in FastAdmin up to version 1.7.0.20250506 allows high-privilege authenticated attackers to execute arbitra
Share
External POC / Exploit Code
Leaving vuln.today