CVE-2024-7453

A vulnerability was found in FastAdmin 1.5.0.20240328. It has been declared as problematic. This vulnerability affects unknown code of the file /[admins_url].php/general/attachment/edit/ids/4?dialog=1 of the component Attachment Management Section. The manipulation of the argument row[url]/row[imagewidth]/row[imageheight] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273544.
References
Link Resource
https://github.com/Hebing123/cve/issues/65 Exploit Third Party Advisory
https://github.com/Hebing123/cve/issues/66 Exploit Third Party Advisory
https://vuldb.com/?ctiid.273544 Permissions Required Third Party Advisory
https://vuldb.com/?id.273544 Permissions Required Third Party Advisory
https://vuldb.com/?submit.384320 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:fastadmin:fastadmin:1.5.0.20240328:*:*:*:*:*:*:*

History

20 Aug 2024, 15:50

Type Values Removed Values Added
References () https://github.com/Hebing123/cve/issues/65 - () https://github.com/Hebing123/cve/issues/65 - Exploit, Third Party Advisory
References () https://github.com/Hebing123/cve/issues/66 - () https://github.com/Hebing123/cve/issues/66 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.273544 - () https://vuldb.com/?ctiid.273544 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.273544 - () https://vuldb.com/?id.273544 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?submit.384320 - () https://vuldb.com/?submit.384320 - Third Party Advisory
CPE cpe:2.3:a:fastadmin:fastadmin:1.5.0.20240328:*:*:*:*:*:*:*
CVSS v2 : 3.3
v3 : 2.4
v2 : 3.3
v3 : 4.8
First Time Fastadmin
Fastadmin fastadmin

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en FastAdmin 1.5.0.20240328. Ha sido declarada problemática. Esta vulnerabilidad afecta a código desconocido del archivo /[admins_url].php/general/attachment/edit/ids/4?dialog=1 del componente sección de gestión de archivos adjuntos. La manipulación del argumento fila[url]/fila[ancho de imagen]/fila[alto de imagen] conduce a cross site scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-273544.

04 Aug 2024, 05:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-04 05:16

Updated : 2024-08-20 15:50


NVD link : CVE-2024-7453

Mitre link : CVE-2024-7453

CVE.ORG link : CVE-2024-7453


JSON object : View

Products Affected

fastadmin

  • fastadmin
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')