Gin-vue-admin - Unrestricted File Upload
CVE-2022-32177

9CRITICAL

Key Information:

Vendor: Gin-vue-admin
Status: Gin-vue-admin
Vendor: CVE Published:; 14 October 2022

🔔 Create Gin-vue-admin Vulnerability Alert

What is CVE-2022-32177?

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover.

Affected Version(s)

gin-vue-admin v2.5.1

gin-vue-admin <= unspecified

References

https://www.mend.io/vulnerability-database/CVE-2022-32177

https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2022
Vulnerability Reserved
May 31, 2022

Credit

Mend Vulnerability Research Team (MVR)

CVE-2022-32177 Data

JSON