CVE-2024-7928
published 2024-08-19


Priority: P1 81 high; CVSS 3.1 base score 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Flags: ITW exploit; VulnCheck KEV; Initial access
Exploited in the wild
EPSS: 16.88% (96.7th percentile)
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.4.20220530 is able to address this issue. It is recommended to upgrade the affected component.

Affected (2 ranges)

Vendor      Product     Version range       Fixed in
fastadmin   fastadmin   < 1.3.4.20220530    1.3.4.20220530
fastadmin   fastadmin

Detection & IOCs (extracted from sources)

url:   /index/ajax/lang?lang=../../application/database
path:  /index/ajax/lang
other: fofa-query: icon_hash="-1036943727"
  • HTTP response body contains all four strings: 'jsonpReturn(', '"password":', '"username":', '"database":' simultaneously, indicating successful path traversal and database config file read.
  • Successful exploitation returns HTTP 200 with Content-Type: application/javascript and the database credential strings in the body.
  • The path traversal payload targets the FastAdmin database configuration file via the 'lang' parameter using '../../application/database' as the traversal string.
  • Exploitation requires authentication (low-privilege); the CVSS vector specifies PR:L (privileges required: low).
  • Vulnerability only affects FastAdmin versions up to and including 1.3.3.20220121; version 1.3.4.20220530 and later are patched.
  • EPSS score is extremely high (0.918, 99.7th percentile), indicating this vulnerability is very likely being actively exploited in the wild.

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      7.5     HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd         v4.0      5.3     MEDIUM     CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd         v2.0      4.0     MEDIUM     AV:N/AC:L/Au:S/C:P/I:N/A:N
vulncheck             5.3     MEDIUM