← back
CVE-2022-32176

Gin-vue-admin - Unrestricted File Upload

CVSS 9 CRITICALEPSS 0.9%CWE-434
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Oct 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →