EUVD-2025-200119

Gin-vue-admin has an arbitrary file deletion vulnerability...

CVE-2025-66410

Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder...

CVE-2022-39345

Gin-vue-admin pre-2.5.4 is vulnerable to a path-traversal/file-upload flaw. The Unzip routine decompresses uploaded zips without validating contents, enabling Zip Slip-style traversal to overwrite arbitrary files. Affected versions:

CVE-2022-24843 Path Traversal in github.com/flipped-aurora/gin-vue-admin

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for th...

CVE-2022-21660

Gin-vue-admin, a Vue/Gin-based backstage management system, is vulnerable prior to version 2.4.7 due to missing authentication on the SetUserInfo endpoint, allowing a low-privilege user to modify higher-privilege accounts. The issue stems from not validating the target user ID in SetUserInfo, com...

CVE-2022-21660 Missing authorization in gin-vue-admin

Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the setUserInfo function. Users are advised to update as soon as possible. There are no known workarounds...

CVE-2022-21660 Missing authorization in gin-vue-admin

Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the setUserInfo function. Users are advised to update as soon as possible. There are no known workarounds...

Tangshan Ping Sheng Electronic Technology Development Co., Ltd. website backstage management system has a logic flaw vulnerability

Tangshan Ping Sheng Electronic Technology Development Co., Ltd. business scope includes: electronic products, instruments, electrical equipment, computers, software, automatic control system design, manufacturing, electromechanical equipment, wholesale, retail; technical services and so on...

Magic snow enterprises website system 1.0 injection vulnerabilities-vulnerability warning-the black bar safety net

Magic snow corporate website source to have news, group overview, industrial systems, human resources, investment resources, feedback, contact us section. Backstage news dynamic management, enterprise information management, industry management system, human resources management, investment...

Panshi China asp the backstage management system upload vulnerability and fix-vulnerability warning-the black bar safety net

By: Red snow Official: http://www.chpanshi.net/ Ver: asp Enterprise version, the background structure is substantially a touch of the same. Large cattle bypass, this no technical content, just speak from experience, guys don't yell at me for. （Thank you Allen upx8 invitation code Nothing else, op...