BigTiger2020/Fastadmin-V1.0.0.20200506_beta

Fastadmin-V1.0.0.20200506_beta - Stored cross-site scripting attacks

CVE ID: CVE-2020-22609

Affected product: FastAdmin

Vulnerability type: Stored cross-site scripting (XSS)

Version: V1.0.0.20200506_beta

Product description: FastAdmin is an extremely fast admin back-end development framework based on ThinkPHP5 + Bootstrap.

Vulnerability description: FastAdmin V1.0.0.20200506_beta contains a stored cross-site scripting (XSS) vulnerability that may allow an attacker to obtain administrator credentials and log in to the admin back end.

  1. An audit of \application\admin\controller\Category.php found that input is not comprehensively filtered.
    image
  2. In Category management, click Edit and insert an XSS statement into the nickname box.
    image
    image
  3. The administrator's identity information is sent back to the attacker.
    image
  4. Payload:
    image
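
A defensive pattern for the gap described in step 1, as an added example that is not FastAdmin's code or the report author's: validate category text fields when they are written, and HTML-encode them when they are rendered. The function names and the field list (`name`, `nickname`, `keywords`) are assumptions made for illustration.

```php
<?php
// Added example, not FastAdmin code. Function names and field names are assumptions.

/**
 * Write side: reject single-line category fields that carry markup or
 * control characters, rather than trying to strip "bad" tags.
 */
function validate_category_fields(array $row): array
{
    $textFields = ['name', 'nickname', 'keywords']; // assumed single-line columns
    $clean = [];
    foreach ($textFields as $field) {
        $value = trim((string)($row[$field] ?? ''));
        if (mb_strlen($value, 'UTF-8') > 255) {
            throw new InvalidArgumentException("Field '{$field}' is too long");
        }
        // With /u, preg_match() returns false on invalid UTF-8; "!== 0"
        // treats that as a rejection as well as a real match.
        if (preg_match('/[<>\x00-\x1F\x7F]/u', $value) !== 0) {
            throw new InvalidArgumentException("Field '{$field}' contains disallowed characters");
        }
        $clean[$field] = $value;
    }
    return $clean;
}

/**
 * Read side: encode for the HTML context at output time, so a value stored
 * before validation existed is rendered as text, not as markup.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample rows: one plain label, one containing markup.
$samples = [
    ['name' => 'News', 'nickname' => 'news', 'keywords' => 'daily'],
    ['name' => 'News', 'nickname' => '<b>news</b>', 'keywords' => 'daily'],
];
foreach ($samples as $row) {
    try {
        $saved = validate_category_fields($row);
        echo 'accepted: ', e($saved['nickname']), PHP_EOL;
    } catch (InvalidArgumentException $ex) {
        echo 'rejected: ', e($ex->getMessage()), PHP_EOL;
    }
}
// A row stored before the check existed is still neutralised on output.
echo e('<b>old value</b>'), PHP_EOL;
```

Output encoding is the control that matters for rows already in the database; the write-side check only stops new ones.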
