Back to KEVs

CVE-2024-7928

FastAdmin lang path traversal

Basic Information

CVE State
PUBLISHED
Reserved Date
August 19, 2024
Published Date
August 19, 2024
Last Updated
September 03, 2024
Vendor
n/a
Product
FastAdmin
Description
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.4.20220530 is able to address this issue. It is recommended to upgrade the affected component. Eine problematische Schwachstelle wurde in FastAdmin bis 1.3.3.20220121 entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /index/ajax/lang. Durch Manipulation des Arguments lang mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 1.3.4.20220530 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.
Tags
nuclei_scanner

CVSS Scores

CVSS v4.0

5.3 - MEDIUM

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS v3.1

4.3 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v3.0

4.3 - MEDIUM

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2.0

4.0

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

SSVC Information

Exploitation
poc
Technical Impact
partial

Exploit Status

Proof of Concept Available
Yes (added 2024-08-23 15:50:30 UTC) Source

References

https://vuldb.com/?id.275114 https://vuldb.com/?ctiid.275114 https://vuldb.com/?submit.392202 https://wiki.shikangsi.com/post/share/da0292b8-0f92-4e6e-bdb7-73f47b901acd

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2026-01-15 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-7928.yaml 2025-04-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

th3gokul/CVE-2024-7928

Type: github • Created: 2024-08-23 15:50:30 UTC • Stars: 2

CVE-2024-7928: FastAdmin < V1.3.4.20220530 Arbitrary File Reading Vulnerability

gh-ost00/CVE-2024-7928

Type: github • Created: 2024-08-20 12:15:48 UTC • Stars: 6

CVE-2024-7928 fastadmin vulnerability POC & Scanning

bigb0x/CVE-2024-7928

Type: github • Created: 2024-08-20 03:09:47 UTC • Stars: 63

Will attempt to retrieve DB details for FastAdmin instances

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel