PT-2024-38363 · Fastadmin · Fastadmin

Author: Jiashenghe · Published: 2024-08-04 · Updated: 2024-08-20 · CVE-2024-7453

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: FastAdmin version 1.5.0.20240328

Description: A vulnerability was found in the Attachment Management section of FastAdmin, affecting the file /[admins url].php/general/attachment/edit/ids/4?dialog=1. The row[url], row[imagewidth] and row[imageheight] arguments can be manipulated to inject script, leading to cross-site scripting. The attack can be initiated remotely.

Recommendations: For FastAdmin version 1.5.0.20240328, as a temporary workaround, consider restricting access to the Attachment Management section until a patch is available. Avoid using the row[url], row[imagewidth] and row[imageheight] arguments in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
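The CVSS vector on this page (PR:H, UI:R) says the issue is reached through the privileged attachment edit dialog, so the durable fix is on the server: validate the three row[] fields before they are stored and HTML-encode them when the dialog is rendered. The PHP below is an added illustration of that pattern, not FastAdmin's own code; the field names come from the advisory, while the function names, the 65535 dimension ceiling and the accepted URL schemes are assumptions, and the two sample rows are constructed.

```php
<?php
// Added defensive example (not FastAdmin's code): validate row[url],
// row[imagewidth], row[imageheight] on save, and encode them on render.
// Function names, limits and accepted schemes are assumptions for illustration.

declare(strict_types=1);

/**
 * row[imagewidth] / row[imageheight]: an image dimension is a non-negative
 * integer, so markup or anything else is rejected, not "cleaned".
 */
function validateDimension(mixed $value): ?int
{
    $int = filter_var($value, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 65535], // assumed ceiling
    ]);
    return $int === false ? null : $int;
}

/**
 * row[url]: accept a site-relative path ("/uploads/...") or an absolute
 * http(s) URL. Quotes, angle brackets, whitespace and control characters
 * are rejected so the value can never break out of an attribute or tag.
 */
function validateAttachmentUrl(string $url): ?string
{
    if ($url === '' || preg_match('/[\x00-\x1F\x7F"\'<>\s]/', $url) === 1) {
        return null;
    }
    // Site-relative path: a single leading slash ("//host" would be scheme-relative).
    if ($url[0] === '/' && ($url[1] ?? '') !== '/') {
        return $url;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Allow-list of schemes (assumed); javascript:, data: etc. fall through to null.
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true) ? $url : null;
}

/** Validate a whole row[]; callers must refuse to save while errors are non-empty. */
function validateAttachmentRow(array $row): array
{
    $clean = [];
    $errors = [];

    $url = validateAttachmentUrl((string) ($row['url'] ?? ''));
    if ($url === null) {
        $errors[] = 'url must be a site-relative path or an http(s) URL';
    } else {
        $clean['url'] = $url;
    }

    foreach (['imagewidth', 'imageheight'] as $field) {
        $dim = validateDimension($row[$field] ?? '');
        if ($dim === null) {
            $errors[] = "$field must be a non-negative integer";
        } else {
            $clean[$field] = $dim;
        }
    }

    return ['clean' => $clean, 'errors' => $errors];
}

/** Encode a value for HTML text or a double-quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the dialog fields; every dynamic value passes through h(), even validated ones. */
function renderAttachmentFields(array $clean): string
{
    return sprintf(
        '<input name="row[url]" value="%s">' .
        '<input name="row[imagewidth]" value="%s">' .
        '<input name="row[imageheight]" value="%s">',
        h($clean['url'] ?? ''),
        h((string) ($clean['imagewidth'] ?? '')),
        h((string) ($clean['imageheight'] ?? ''))
    );
}

// Constructed sample rows: one benign, one carrying markup or out-of-range values.
$benign  = ['url' => '/uploads/20240328/photo.jpg', 'imagewidth' => '800', 'imageheight' => '600'];
$hostile = ['url' => '"><script>alert(1)</script>', 'imagewidth' => '800<svg>', 'imageheight' => '-1'];

print_r(validateAttachmentRow($benign));  // empty errors; dimensions become ints
print_r(validateAttachmentRow($hostile)); // three errors, nothing to save
echo renderAttachmentFields(validateAttachmentRow($benign)['clean']), PHP_EOL;
```

Validation and encoding are independent layers: the validator stops bad values from being stored, and h() protects the dialog even for values that reached the database before the check existed.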

Exploit: XSS

Weakness Enumeration:

Related Identifiers: CVE-2024-7453

Affected Products: Fastadmin