Fastadmin-V1.0.0.20200506_beta - Stored cross-site scripting attacks

CVE ID: CVE-2020-22609

Affected product: FastAdmin

Vulnerability type: Stored cross-site scripting (XSS)

Version: V1.0.0.20200506_beta

Product description: FastAdmin is an extremely fast background development framework based on ThinkPHP5+Bootstrap.

Vulnerability description: FastAdmin V1.0.0.20200506_beta contains a stored cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials and log in to the admin backend.

  1. An audit of \application\admin\controller\Category.php found that input is not comprehensively filtered.
  2. In category management, click edit and insert the XSS statement into the nickname box.
  3. The administrator's identity information is returned to the attacker.
  4. Payload: shown only as an image in the original README.
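
The missing filtering noted in step 1 can be closed on both sides of storage: validate the nickname when it is saved and encode it when it is rendered. This is an added example, not FastAdmin's code or its patch; `validate_nickname()`, `render_nickname_cell()` and the allow-list policy are assumptions made for illustration.

```php
<?php
// Added example, not FastAdmin code. Function names and the allow-list
// policy below are hypothetical.
declare(strict_types=1);

/** Save-time check: accept only an allow-listed character set, 1-50 chars. */
function validate_nickname(string $value): string
{
    $value = trim($value);
    // Letters, digits, space and a few separators (assumed policy).
    if (!preg_match('/^[\p{L}\p{N} _.\-]{1,50}$/u', $value)) {
        throw new InvalidArgumentException('nickname contains disallowed characters');
    }
    return $value;
}

/** Render-time encoding: the stored value is treated as data, never markup. */
function render_nickname_cell(string $stored): string
{
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td>' . $encoded . '</td>';
}

// Constructed sample inputs: one ordinary value, one carrying markup.
$samples = ['News 2020', '<img src=x onerror=alert(1)>'];

foreach ($samples as $input) {
    try {
        echo 'accepted: ', validate_nickname($input), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
    // Rows saved before a fix may already contain markup, so output
    // encoding is applied regardless of what validation decided.
    echo render_nickname_cell($input), PHP_EOL;
}
```

Output encoding is the control that protects administrators viewing rows already stored in the category table; save-time validation only stops new entries.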
