CVE-2022-32177
Gin-vue-admin - Unrestricted File Upload
Vexday Risk Score
28 (Low)
SSVC Decision (CISA)
Track
No exploitation signal → monitor
CVSS 9 · EPSS 0.9% · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
14 Oct 2022: Published in NVD
Recommendation: Monitor. No exploitation signal for now.
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected products
gin-vue-admin · gin-vue-admin