Description
A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References (5)
Core 5
Core References
Third Party Advisory vdb-entry
https://vuldb.com/?id.220038
Permissions Required, Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.220038
Broken Link broken-link
https://github.com/linmoren/fastcms_bug/blob/main/template_files_upload.md
Broken Link broken-link
exploit
https://github.com/linmoren/fastcms_bug/blob/main/password.zip
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.82316
Scores
CVSS v3
6.3
EPSS
0.0057
EPSS Percentile
68.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-434
Status
published
Products (1)
fastcms_project/fastcms
0.1.0
Published
Feb 02, 2023
Tracked Since
Feb 18, 2026