Title: fastapiadmin <= 2.2.0 Unrestricted Upload

Description:
- An unrestricted file upload vulnerability in FastapiAdmin versions up to 2.2.0.
- Authenticated users with the permission can write arbitrary files to the server filesystem.
- When combined with scheduled task APIs, remote code execution can be achieved.
- The upload routine allows certain extensions like scripts disguised as an SVG.
- Mitigation involves server-side content inspection, safe upload directories, and restricting access controls.

Source:
- https://github.com/CC-T454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-4

Submitter: Anonymous User
Submission Date: 02/11/2026 09:58 AM
Moderation Date: 02/22/2026 04:09 PM
Status: Accepted
VulDB Entry: 347362
Points: 20