CVE-2025-14966
FastAdmin Backend Controller Backend.php selectpage sql injection
CVSS Score
4.7
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a manipulation of the argument custom/searchField can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
| CWE | CWE-89 CWE-74 |
| Vendor | n/a |
| Product | fastadmin |
| Published | Dec 19, 2025 |
| Last Updated | Feb 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a fastadmin
Be the first to know when new medium vulnerabilities affecting n/a fastadmin are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / FastAdmin
1.7.0.20250506
References
vuldb.com: https://vuldb.com/?id.337601 vuldb.com: https://vuldb.com/?ctiid.337601 vuldb.com: https://vuldb.com/?submit.718309 vuldb.com: https://vuldb.com/?submit.718339 note-hxlab.wetolink.com: https://note-hxlab.wetolink.com/share/1924AEdgGFYu note-hxlab.wetolink.com: https://note-hxlab.wetolink.com/share/auEz57nwynMq
Credits
๐ pemic (VulDB User)