Lucene search
MendCVELIST:CVE-2022-32176HistoryOct 17, 2022 - 6:25 p.m.
CVE-2022-32176 Gin-vue-admin - Unrestricted File Upload
2022-10-1718:25:09
CWE-434
Mend
www.cve.org
4
unrestricted file upload
gin-vue-admin
media library
account takeover
cve-2022-32176
In “Gin-Vue-Admin”, versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the “Compress Upload” functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover.
CNA Affected
[
{
"vendor": "gin-vue-admin",
"product": "gin-vue-admin",
"versions": [
{
"version": "v2.5.1",
"status": "affected",
"lessThan": "unspecified",
"versionType": "custom"
},
{
"version": "unspecified",
"lessThanOrEqual": "v2.5.3b",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2022-32176
2022-10-17 19:15:09
nvd
nvd
CVE-2022-32176
2022-10-17 19:15:09
prion
prion
Unrestricted file upload
2022-10-17 19:15:00
cve
cve
CVE-2022-32176
2022-10-17 19:15:09