Vulnerability Description
A vulnerability was found in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage in the file application/common/controller/Backend.php of the component Backend Controller. Manipulating the argument custom/searchField can lead to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.
CVSS Score
4.7 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fastadmin | Fastadmin | <= 1.6.1.20250430 |
Related Weaknesses (CWE)
References
- https://note-hxlab.wetolink.com/share/1924AEdgGFYu (Exploit, Third Party Advisory)
- https://note-hxlab.wetolink.com/share/auEz57nwynMq (Exploit, Third Party Advisory)
- https://vuldb.com/?ctiid.337601 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.337601 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.718309 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.718339 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2025-14966?
CVE-2025-14966 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A vulnerability was found in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage in the file application/common/controller/Backend.php of the component Backend Controller. Manipulating the argument custom/searchField can lead to SQL injection; the attack can be launched remotely.
How severe is CVE-2025-14966?
CVE-2025-14966 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2025-14966?
Check the references section above for vendor advisories and patch information. Affected products include: Fastadmin Fastadmin (see the Affected Products table above for version ranges).