← volver
CVE-2022-32177

Gin-vue-admin - Unrestricted File Upload

CVSS 9 CRITICALEPSS 0.9%CWE-434
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 oct 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →