Lucene search
PRIOn knowledge basePRION:CVE-2022-32177HistoryOct 14, 2022 - 7:15 a.m.
Unrestricted file upload
2022-10-1407:15:00
PRIOn knowledge base
www.prio-n.com
7
file upload vulnerability
gin-vue-admin
javascript execution
admin cookie
account takeover
In βGin-Vue-Adminβ, versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the βNormal Uploadβ functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the adminβs cookie leading to account takeover.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gin-vue-admin | eq | 2.5.3 beta | |
| gin-vue-admin | ge | 2.5.1 | |
| gin-vue-admin | le | 2.5.2 |
Related
nvd
nvd
CVE-2022-32177
2022-10-14 07:15:09
cve
cve
CVE-2022-32177
2022-10-14 07:15:09
cvelist
cvelist
CVE-2022-32177 Gin-vue-admin - Unrestricted File Upload
2022-10-11 00:00:00
osv
osv
CVE-2022-32177
2022-10-14 07:15:09