| 제목 | FastAdmin 1.7.0.20250506 SQL Injection |
|---|
| 설명 | A time-based blind SQL injection vulnerability exists in FastAdmin <= 1.7.0.20250506. The vulnerability is located in the selectpage() method of Backend.php. The custom parameter's field name is not properly sanitized before being used in WHERE clause, allowing authenticated backend users to inject arbitrary SQL commands and extract sensitive database information including usernames, password hashes, and database structure. |
|---|
| 원천 | ⚠️ https://note-hxlab.wetolink.com/share/1924AEdgGFYu |
|---|
| 사용자 | pemic (UID 93604) |
|---|
| 제출 | 2025. 12. 18. AM 04:18 (4 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 19. AM 11:46 (1 day later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 337601 [FastAdmin 까지 1.7.0.20250506 Backend Controller Backend.php selectpage custom/searchField SQL 주입] |
|---|
| 포인트들 | 20 |
|---|