I. overview of vulnerabilities

On September 22, 2020, the vulnerability of fastadmin remote execution center will be exposed. You can upload specific files directly to getshell. Up to now, the vulnerability has not been officially repaired. Chuangyu reminds fastadmin users to take security measures as soon as possible to prevent hackers from exploiting the vulnerability.

II. Affected version

V1. 0.0.20180911_ beta-V1. 0.0.20200506_ beta

III. recurrence process

nothing

IV. scope of influence

According to zoomeye cyberspace search engine, the keyword "fastadmin" was searched, and a total of 5961 IP history records were obtained, which are concentrated in China.

V. repair suggestions

It is recommended that affected users refer to the guidelines on the official website and upgrade fastadmin to the latest beta version (v1.0.0.20200920_beta)

Link:

https://www.fastadmin.net/news/83.html

Six timeline

Fastadmin Remote Code Execution Vulnerability exposure time: September 22, 2020

Know the time when Chuangyu released vulnerability Intelligence: September 24, 2020

VII. Related links

https://www.fastadmin.net/news/83.html

Zoomeye cyberspace search engine:

https://www.zoomeye.org/searchResult/report?q=FastAdmin