CVE-2022-32176
Gin-vue-admin - Unrestricted File Upload
Vexday Risk Score
28 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9 · EPSS 0.9% · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
17 Oct 2022: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of JavaScript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low-privilege attacker will get access to the admin's cookie, leading to account takeover.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected products
gin-vue-admin · gin-vue-admin