CVE-2022-32177

Gin-vue-admin - Unrestricted File Upload

CVSS 9 CRITICAL · EPSS 0.9% · CWE-434
Vexday Risk Score
28 (Low)
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 9 · EPSS 0.9% · KEV: no · PoC · Nuclei · Metasploit · Patch
Lifecycle
14 Oct 2022: Published in the NVD
Recommendation: Monitor (no sign of exploitation at the moment).
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
