CVE-2020-21667

Published November 13th, 2020

View on NVD ↗

CVSS v3

7.2

HIGH

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection.

che-my/fastadmin-tp6

fastadmin升级thinkphp6.0

GitHub