CVE-2025-2593

Name of the Vulnerable Software and Affected Versions FastCMS versions up to 0.1.5

Description A critical issue has been found in FastCMS, affecting an unknown functionality of the file "/api/client/article/list". The manipulation of the orderBy argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For FastCMS versions up to 0.1.5, update to a version later than 0.1.5 to resolve the issue. As a temporary workaround, consider restricting access to the "/api/client/article/list" endpoint until a patch is available. Avoid using the orderBy argument in the affected API endpoint until the issue is resolved.