Fastapiadmin

5 CVEs product

CVE-2026-2979 MEDIUM POC This Month

FastApiAdmin up to 2.2.0 contains an unrestricted file upload vulnerability in the user avatar upload endpoint that allows authenticated remote attackers to upload arbitrary files. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials could leverage this to compromise system integrity and potentially execute malicious code.

File Upload Authentication Bypass Fastapiadmin
NVD GitHub VulDB
CVSS 3.1: 6.3
EPSS: 0.0%

CVE-2026-2978 MEDIUM POC This Month

Unrestricted file upload in FastApiAdmin up to version 2.2.0 allows authenticated remote attackers to upload arbitrary files through the Scheduled Task API endpoint. Public exploit code exists for this vulnerability, enabling potential remote code execution or system compromise. Affected organizations should immediately upgrade beyond version 2.2.0 or implement access controls on the upload functionality until a patch is released.

File Upload Authentication Bypass Fastapiadmin
NVD GitHub VulDB
CVSS 3.1: 6.3
EPSS: 0.0%

CVE-2026-2977 MEDIUM POC This Month

FastApiAdmin versions up to 2.2.0 contain an unrestricted file upload vulnerability in the Scheduled Task API's upload controller that allows authenticated attackers to upload arbitrary files remotely. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials could leverage this to achieve unauthorized file write access and potentially further compromise the application.

File Upload Authentication Bypass Fastapiadmin
NVD GitHub VulDB
CVSS 3.1: 6.3
EPSS: 0.0%

CVE-2026-2976 MEDIUM POC This Month

FastApiAdmin versions up to 2.2.0 contain an information disclosure vulnerability in the file download endpoint that allows authenticated attackers to read arbitrary files through path traversal manipulation. Public exploit code exists for this vulnerability, enabling remote exploitation by users with valid credentials. The vulnerability affects the download_controller function and currently has no available patch.

Information Disclosure Fastapiadmin
NVD GitHub VulDB
CVSS 3.1: 4.3
EPSS: 0.0%

CVE-2026-2975 MEDIUM POC This Month

FastApiAdmin versions up to 2.2.0 expose sensitive information through the reset_api_docs function in the Custom Documentation Endpoint, allowing unauthenticated remote attackers to access confidential data. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available to remediate this issue.

Information Disclosure Fastapiadmin
NVD GitHub VulDB
CVSS 3.1: 5.3
EPSS: 0.0%
