CVE-2021-43117

9.8 CRITICAL

📋 TL;DR

CVE-2021-43117 is a critical unrestricted file upload vulnerability in FastAdmin v1.2.1. An attacker who can reach the upload functionality can place a file with an executable extension (typically a PHP webshell) on the server and then request it, executing arbitrary code with the privileges of the web server process. Any organization running the vulnerable version is affected, and successful exploitation can lead to complete compromise of the host.

💻 Affected Systems

Products:
  • FastAdmin
Versions: v1.2.1
Operating Systems: All platforms running FastAdmin
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installation of FastAdmin v1.2.1. No special configuration required for exploitation.

📦 What is this software?

FastAdmin is an open-source PHP back-office (admin panel) framework built on ThinkPHP and Bootstrap; the vulnerability lies in its file upload handling.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining shell access, data exfiltration, ransomware deployment, and persistent backdoor installation.

🟠

Likely Case

Webshell upload leading to data theft, credential harvesting, and lateral movement within the network.

🟢

If Mitigated

Upload rejected by application-level validation (extension allowlist plus content checks), or the uploaded script is harmless because the web server refuses to execute anything under the upload directory. A WAF in front can add a layer but should not be the only control.

🌐 Internet-Facing: HIGH - Directly exploitable via web interface without authentication.
🏢 Internal Only: MEDIUM - Still exploitable by internal threats or compromised accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple file upload bypass with publicly available proof-of-concept. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.2.2 or later

Vendor Advisory: https://github.com/karsonzhang/fastadmin

Restart Required: No

Instructions:

1. Back up the current installation (application tree, uploads directory and database).
2. Update FastAdmin to v1.2.2 or later, via Composer or a manual update of the application tree.
3. Confirm the upload restrictions are in force: an attempt to upload a .php file through the upload endpoint should be rejected.

🔧 Temporary Workarounds

File Upload Restriction

all

Implement strict file upload validation in application code

Allowlist only the extensions the business needs (for example jpg, png, gif, pdf), reject names that carry an executable extension in any segment (shell.php.jpg) or contain null bytes, check the file's leading bytes against the signature of the claimed type, enforce a size limit, and store the file under a server-generated random name so the client never chooses what ends up on disk.

Web Server Configuration

linux

Refuse to execute scripts from the upload directory at the web server level

Scope the rule to the upload directory (FastAdmin writes uploads under public/uploads/ by default; confirm the path in your upload configuration). A global deny on *.php, as sometimes suggested, would take the whole application down.

nginx (place this before the location that hands \.php$ to PHP-FPM, since nginx uses the first matching regex location):
location ~* ^/uploads/.*\.(php\d*|phtml|phar|sh|pl|py)(\.|$) { deny all; }
Apache (inside the <Directory> block for public/uploads; with mod_php also add "php_admin_flag engine off" there):
<FilesMatch "\.(php\d*|phtml|phar|sh|pl|py)(\.|$)"> Require all denied </FilesMatch>

🧯 If You Can't Patch

  • Implement WAF rules to block suspicious file uploads and PHP/shell file execution attempts
  • Disable file upload functionality entirely if not required for business operations

🔍 How to Verify

Check if Vulnerable:

Check the FastAdmin version shown in the admin panel, or query Composer. Note that "composer show karsonzhang/fastadmin" only works when FastAdmin was pulled in as a Composer dependency; in a stock checkout run "composer show --self" from the project root instead.

Check Version:

composer show --self | grep -i version          # stock checkout (root package)
composer show karsonzhang/fastadmin | grep -i version   # when installed as a dependency

Verify Fix Applied:

Attempt to upload a harmless PHP probe (for example a file containing only <?php echo "probe"; ?>) with a .php extension through the upload endpoint; it should be rejected. If the web server workaround is in place, a direct request for any .php path under the upload directory should return 403 rather than executing.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads with .php, .sh, .pl extensions
  • Multiple failed upload attempts
  • Webshell access patterns in access logs

Network Indicators:

  • POST requests to upload endpoints with executable files
  • Outbound connections from web server to unknown IPs

SIEM Query:

source="web_logs" AND ((method="POST" AND (uri="*upload*" OR uri="*addons*" OR uri="*ajax/upload*") AND (file_ext="php" OR file_ext="phtml" OR file_ext="phar" OR file_ext="sh" OR file_ext="pl" OR file_ext="py")) OR (uri="/uploads/*" AND (uri="*.php*" OR uri="*.phtml*" OR uri="*.phar*")))

Field names (uri, method, file_ext) are placeholders for whatever your log source exposes. file_ext is only available if the application or a WAF logs the uploaded filename; a plain web server access log records the request URI, not the multipart filename, so the second clause (requests for script-like files under the upload directory) is the one that works from access logs alone.
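The two access-log indicators above applied to a constructed set of combined-format log lines, as an added example that is not part of the page or the FastAdmin project. The /uploads/ directory, the /ajax/upload handler substring, the IP addresses and the log lines themselves are assumptions constructed for the illustration; adjust the two constants to your deployment.

```python
"""Flag webshell activity after an upload bypass, from combined-format web access logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined/common log format: ip ident user [ts] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Extensions a web server might execute, matched as the last or an inner
# segment (a1b2c3.php.jpg) so mod_php multi-extension handling is covered too.
SCRIPT_EXT = re.compile(r"\.(php\d*|phtml|phar|sh|pl|py)(\.|$)", re.I)
UPLOAD_DIR = "/uploads/"          # assumption: FastAdmin's default public upload path
UPLOAD_ENDPOINT = "/ajax/upload"  # assumption: substring of the upload handler URI

# Constructed sample log, not real traffic.  203.0.113.7 uploads three files in
# quick succession and then requests a .php file under /uploads/ with a command
# parameter; 198.51.100.20 is an ordinary admin uploading one picture.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2021:10:01:02 +0000] "POST /admin/ajax/upload HTTP/1.1" 200 312 "-" "python-requests/2.26"
203.0.113.7 - - [10/Nov/2021:10:01:03 +0000] "POST /admin/ajax/upload HTTP/1.1" 200 311 "-" "python-requests/2.26"
203.0.113.7 - - [10/Nov/2021:10:01:03 +0000] "POST /admin/ajax/upload HTTP/1.1" 200 315 "-" "python-requests/2.26"
203.0.113.7 - - [10/Nov/2021:10:01:05 +0000] "GET /uploads/20211110/a1b2c3d4.php?cmd=id HTTP/1.1" 200 87 "-" "python-requests/2.26"
198.51.100.20 - - [10/Nov/2021:10:02:00 +0000] "POST /admin/ajax/upload HTTP/1.1" 200 320 "https://admin.example/" "Mozilla/5.0"
198.51.100.20 - - [10/Nov/2021:10:02:01 +0000] "GET /uploads/20211110/d4e5f6a7.jpg HTTP/1.1" 200 45123 "https://admin.example/" "Mozilla/5.0"
"""


def parse(line):
    """Parse one access-log line into a dict, or return None for unparseable input."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["status"] = int(ev["status"])
    ev["path_only"] = ev["path"].split("?", 1)[0]
    return ev


def detect(log_text, burst_threshold=3, window=timedelta(seconds=60)):
    """Return a list of alert dicts for the two indicators listed on the page."""
    alerts = []
    upload_posts = defaultdict(list)   # ip -> timestamps of POSTs to the upload handler
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        # Indicator 1: a script-like file under the upload directory is being requested.
        # A 200 means the server served (or executed) it; anything else still shows intent.
        if ev["path_only"].startswith(UPLOAD_DIR) and SCRIPT_EXT.search(ev["path_only"]):
            alerts.append({
                "kind": "webshell_access",
                "severity": "high" if ev["status"] == 200 else "medium",
                "ip": ev["ip"], "path": ev["path"], "ts": ev["ts"],
            })
        # Indicator 2: bursts of POSTs to the upload handler (scripted bypass attempts).
        if ev["method"] == "POST" and UPLOAD_ENDPOINT in ev["path_only"].lower():
            upload_posts[ev["ip"]].append(ev["ts"])
    for ip, times in upload_posts.items():
        times.sort()
        for i, start in enumerate(times):
            count = sum(1 for t in times[i:] if t - start <= window)
            if count >= burst_threshold:
                alerts.append({"kind": "upload_burst", "severity": "medium",
                               "ip": ip, "count": count, "ts": start})
                break   # one alert per source IP is enough
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Feed the function the raw text of a rotated access log; the burst threshold and window are the knobs to tune against your normal admin traffic, and the webshell indicator should stay unconditional, since a legitimate deployment never serves a script from the upload directory.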
