Lucene search
+L

CVE-2022-21660

🗓️ 09 Feb 2022 19:55:09Reported by GitHub_MType 
cve
 cve
🔗 web.nvd.nist.gov👁 96 Views🌐 WEB

Gin-vue-admin backstage management system prior to 2.4.7 allows low privilege users to modify higher privilege users

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Missing Authorization in Gin-Vue-Admin_Project Gin-Vue-Admin
10 Jan 202205:50
githubexploit
Circl
CVE-2022-21660
9 Feb 202222:13
circl
CNNVD
Gin-Vue-Admin 权限许可和访问控制问题漏洞
9 Feb 202200:00
cnnvd
Cvelist
CVE-2022-21660 Missing authorization in gin-vue-admin
9 Feb 202219:55
cvelist
EUVD
EUVD-2022-26877
3 Oct 202520:07
euvd
NVD
CVE-2022-21660
9 Feb 202220:15
nvd
OSV
CVE-2022-21660 Missing authorization in gin-vue-admin
9 Feb 202219:55
osv
Prion
Authentication flaw
9 Feb 202220:15
prion
RedhatCVE
CVE-2022-21660
6 Feb 202501:11
redhatcve
Veracode
Authorization Bypass
10 Feb 202208:31
veracode
Rows per page
NVD
Vulners
[
  {
    "product": "gin-vue-admin",
    "vendor": "flipped-aurora",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.4.7"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
idrequest body/api/user/setUserInfoSetUserInfo validates and updates user fields; due to missing binding/authorization, a low-privilege user can modify other users’ data by supplying arbitrary IDs and fields.CWE-862
usernamerequest body/api/user/setUserInfoSetUserInfo validates and updates user fields; due to missing binding/authorization, a low-privilege user can modify other users’ data by supplying arbitrary IDs and fields.CWE-862
nickNamerequest body/api/user/setUserInfoSetUserInfo validates and updates user fields; due to missing binding/authorization, a low-privilege user can modify other users’ data by supplying arbitrary IDs and fields.CWE-862
headerImgrequest body/api/user/setUserInfoSetUserInfo validates and updates user fields; due to missing binding/authorization, a low-privilege user can modify other users’ data by supplying arbitrary IDs and fields.CWE-862
Passwordrequest body/api/user/setUserInfoSetUserInfo validates and updates user fields; due to missing binding/authorization, a low-privilege user can modify other users’ data by supplying arbitrary IDs and fields.CWE-862
Usernamerequest body/api/user/changePasswordChangePassword allows password updates; if improperly restricted, a user may change passwords other than their own, enabling account takeover.CWE-862
Passwordrequest body/api/user/changePasswordChangePassword allows password updates; if improperly restricted, a user may change passwords other than their own, enabling account takeover.CWE-862
NewPasswordrequest body/api/user/changePasswordChangePassword allows password updates; if improperly restricted, a user may change passwords other than their own, enabling account takeover.CWE-862

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:26Current
8.1High risk
Vulners AI Score8.1
CVSS 25.5
CVSS 3.18.1
EPSS0.01097
SSVC
96