PT-2024-5821 · Fastadmin · Fastadmin
Rabbit +1
Published 2024-08-19 · Updated 2026-02-13
CVE-2024-7928
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: FastAdmin versions prior to 1.3.4.20220530
Description: FastAdmin does not properly restrict the file path derived from the lang parameter of the /index/ajax/lang endpoint. A remote, unauthenticated attacker can place a traversal sequence in lang and have the application read a file outside the intended directory, disclosing sensitive information. The affected code is an unidentified function within the /index/ajax/lang file. Reports indicate that approximately 14,000 instances may be affected. A public exploit exists and is being actively used to retrieve database details. The vulnerable endpoint is /index/ajax/lang and the vulnerable parameter is lang.
Recommendations: Upgrade to FastAdmin version 1.3.4.20220530 or later.
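The following is an added example and not FastAdmin project code. It shows two things a practitioner wants alongside this advisory: the kind of locale allowlist a fix must enforce on the lang parameter (the regular expression is an assumption about what a valid locale looks like, not FastAdmin's actual check), and a scan over web-server access logs that flags requests to /index/ajax/lang whose lang value fails that allowlist, including single- and double-percent-encoded traversal sequences. The log lines and the file targeted in them are constructed for the example.

```python
"""Validation and log-scanning helpers for a path-traversal flaw in the
`lang` parameter of /index/ajax/lang (CVE-2024-7928 pattern).

Added example; not FastAdmin code.  LANG_RE is an assumed allowlist for a
locale identifier, and LOG_LINES are constructed sample access-log entries.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed allowlist: "en", "zh-cn", "pt_BR".  A locale never needs '/', '\\',
# '.' or a NUL byte, so anything containing them is rejected outright.
LANG_RE = re.compile(r"^[A-Za-z]{2,3}([-_][A-Za-z0-9]{2,8})?$")

# Common Log Format, constructed for this example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

LOG_LINES = [
    '203.0.113.5 - - [19/Aug/2024:10:00:01 +0000] '
    '"GET /index/ajax/lang?lang=zh-cn HTTP/1.1" 200 1532',
    # literal traversal (target path below is an assumption for the sample)
    '203.0.113.7 - - [19/Aug/2024:10:00:02 +0000] '
    '"GET /index/ajax/lang?lang=../../application/database HTTP/1.1" 200 812',
    # same payload, double percent-encoded to slip past naive filters
    '203.0.113.9 - - [19/Aug/2024:10:00:03 +0000] '
    '"GET /index/ajax/lang?lang=..%252f..%252fapplication%252fdatabase HTTP/1.1" 200 812',
    # traversal against a different endpoint: not in scope for this advisory
    '203.0.113.11 - - [19/Aug/2024:10:00:04 +0000] '
    '"GET /index/login?lang=../../etc/passwd HTTP/1.1" 302 0',
]


def is_safe_lang(value: str) -> bool:
    """Allowlist check: True only for a plain locale identifier."""
    return LANG_RE.fullmatch(value) is not None


def lang_values(target: str) -> list:
    """Return the decoded `lang` values of a request line aimed at /index/ajax/lang.

    parse_qs removes one layer of percent-encoding; a second unquote() exposes
    double-encoded payloads such as ..%252f -> ..%2f -> ../
    """
    parts = urlsplit(target)
    if unquote(parts.path).rstrip("/") != "/index/ajax/lang":
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    return [unquote(v) for v in query.get("lang", [])]


def scan_access_log(lines) -> list:
    """Return (client_ip, status, decoded_lang) for every request whose lang
    value fails the allowlist on the vulnerable endpoint.  A 200 status on a
    hit means the server served the request rather than rejecting it."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        for decoded in lang_values(m["target"]):
            if not is_safe_lang(decoded):
                hits.append((m["ip"], int(m["status"]), decoded))
    return hits


if __name__ == "__main__":
    for ip, status, lang in scan_access_log(LOG_LINES):
        print(f"{ip} status={status} lang={lang!r}")
```

The scan deliberately limits itself to the endpoint named in the advisory; widening `lang_values` to every path turns it into a generic traversal detector for the `lang` parameter, which is useful for hunting but noisier. Decoding twice is the part most ad-hoc grep rules miss.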

Exploit

Fix

Weakness Enumeration
Path traversal

Related Identifiers
BDU:2024-06566
CVE-2024-7928

Affected Products
Fastadmin