CVE-2024-7928
Published 2024-08-19

Priority: P1 81 · Severity: high · CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Tags: ITW (exploited in the wild), EXPLOIT, VulnCheck KEV, Initial access
Exploited in the wild
EPSS: 16.88% (96.7th percentile)
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.4.20220530 is able to address this issue. It is recommended to upgrade the affected component.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fastadmin | fastadmin | < 1.3.4.20220530 | 1.3.4.20220530 |
| fastadmin | fastadmin | — | — |
Detection & IOCs (extracted from sources)

Detection indicators:
- HTTP response body contains all four strings simultaneously: 'jsonpReturn(', '"password":', '"username":', '"database":'; this indicates a successful path traversal and read of the database config file.
- Successful exploitation returns HTTP 200 with Content-Type: application/javascript and the database credential strings in the body.
- The path traversal payload targets the FastAdmin database configuration file via the 'lang' parameter, using '../../application/database' as the traversal string.

Context:
- Exploitation requires authentication (low-privilege); the CVSS vector specifies PR:L (privileges required: low).
- The vulnerability only affects FastAdmin versions up to and including 1.3.3.20220121; version 1.3.4.20220530 and later are patched.
- The EPSS score is extremely high (0.918, 99.7th percentile), indicating this vulnerability is very likely being actively exploited in the wild.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vulncheck | n/a | 5.3 | MEDIUM | n/a |
GHSA
GHSA-gp9j-wjxg-4r78 · ghsa_unreviewed · 2024-08-20 · CVE-2024-7928 [MEDIUM] · CWE-22
Description: same advisory text as the summary above.
VulnCheck
FastAdmin /index/ajax/lang Directory Traversal Vulnerability
vulncheck · 2024 · CVSS 5.3 · CVE-2024-7928 [MEDIUM]
Description: same advisory text as the summary above (without the upgrade recommendation).
Affected: FastAdmin / FastAdmin (vendor / product)
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediations or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-08-29&host_type=src&vulnerability=cve-2024-7928; https://dashboard.shadowserver.org/statisti
No detection rules found.
Nuclei
FastAdmin < V1.3.4.20220530 - Path Traversal
nuclei · CVSS 5.3 · CVE-2024-7928 [MEDIUM]
Description: same advisory text as the summary above.
Template:

```yaml
id: CVE-2024-7928

info:
  name: FastAdmin < V1.3.4.20220530 - Path Traversal
  author: s4e-io,Hel10-Web
  severity: medium
  description: |
    A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unkno
```