2020-11-13 15:03:46
mitre
PUBLISHED
In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the table parameter passed is not filtered so a malicious parameter can be passed for SQL injection.