CNNVD-202512-3800 Information

Dec 19, 2025 cve

CNNVD ID

CNNVD-202512-3800

CVE-2025-14966

CNNVD Published: 2025-12-19

Description (Chinese)

FastAdmin是Karson个人开发者的一套基于ThinkPHP和Bootstrap的网站后台开发框架。 FastAdmin 1.7.0.20250506及之前版本存在SQL注入漏洞，该漏洞源于组件Backend Controller中文件application/common/controller/Backend.php的selectpage函数对参数custom/searchField处理不当，可能导致SQL注入。

Description (English)

FastAdmin is a set of web-based back-office development frameworks based on ThinkPHP and Bootstream for Karson’s personal developers. FastAdmin 1.7.0.205006 and previous versions have an injection loophole in SQL, which stems from the inappropriate handling of parameters by the standardpage function of file application/compon/controller/Backend.php in component Backend Contractor, which may result in SQL injection.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

个人开发者

Published

2025-12-19

Last Modified

2026-02-24

References

https://vuldb.com/?submit.718339 https://vuldb.com/?submit.718309 https://note-hxlab.wetolink.com/share/1924AEdgGFYu https://vuldb.com/?ctiid.337601 https://note-hxlab.wetolink.com/share/auEz57nwynMq https://vuldb.com/?id.337601 https://access.redhat.com/security/cve/cve-2025-14966

Share on: