CVE-2020-21667: SQL Injection

November 13, 2020 (updated December 1, 2020)

In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the ’table’ parameter passed is not filtered so a malicious parameter can be passed for SQL injection.

References

nvd.nist.gov/vuln/detail/CVE-2020-21667

Code Behaviors & Features

Detect and mitigate CVE-2020-21667 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →