Gin-vue-admin - Unrestricted File Upload
CVE-2022-32176

9CRITICAL

Key Information:

Vendor: Gin-vue-admin
Status: Gin-vue-admin
Vendor: CVE Published:; 17 October 2022

🔔 Create Gin-vue-admin Vulnerability Alert

What is CVE-2022-32176?

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover.

Affected Version(s)

gin-vue-admin v2.5.1

gin-vue-admin <= unspecified

References

https://www.mend.io/vulnerability-database/CVE-2022-32176

https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2022
Vulnerability Reserved
May 31, 2022

Credit

Mend Vulnerability Research Team (MVR)

CVE-2022-32176 Data

JSON