History: Oct 11, 2022 - 12:00 a.m.

CVE-2022-32177 Gin-vue-admin - Unrestricted File Upload

2022-10-11 00:00:00
CWE-434
Mend
www.cve.org
cve-2022-32177
gin-vue-admin
unrestricted file upload
media library
account takeover

AI Score: 9.3 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 46.8%)

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of JavaScript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low-privilege attacker will get access to the admin's cookie, leading to account takeover.

CNA Affected

[
  {
    "vendor": "gin-vue-admin",
    "product": "gin-vue-admin",
    "versions": [
      {
        "version": "v2.5.1",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "v2.5.3beta",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]
