135 matches found
CVE-2026-48787 gin-vue-admin vulnerable to RCE
gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...
CVE-2026-48787
CVE-2026-48787 affects gin-vue-admin (AI-assisted basic development platform) in version 2.9.1. An authenticated attacker with access to the code-generation feature and MCP management interface can inject attacker-controlled Go source code via POST /autoCode/addFunc, then trigger a rebuild of the...
Arbitrary File Deletion
Gin-vue-admin is vulnerable to arbitrary file deletion. The vulnerability is due to improper validation of the FileMd5 parameter, which allows an attacker to manipulate file paths and delete arbitrary files or folders on the server...
SUSE CVE-2026-22786
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...
GO-2026-4313 Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal in github.com/flipped-aurora/gin-vue-admin
Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal in github.com/flipped-aurora/gin-vue-admin...
CVE-2026-22786
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...
GHSA-3558-J79F-VVM6 Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal
Impact Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. Path traversal vulnerabilities occur when a web application accepts user-supplied file paths without proper validation, allowing attacker...
Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal
Impact Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. Path traversal vulnerabilities occur when a web application accepts user-supplied file paths without proper validation, allowing attacker...
CVE-2026-22786
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...
CVE-2026-22786 Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...
CVE-2026-22786 The arbitrary file upload vulnerability caused by path traversal is on github.com/flipped-aurora/gin-vue-admin
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...
CVE-2026-22786 Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...
CVE-2026-22786
Gin-vue-admin (github.com/flipped-aurora/gin-vue-admin)
Gin-vue-admin 代码问题漏洞
Gin-Vue-Admin is flipped-aurora open source development based on Vue and Gin a full-stack before the development of basic platform . Gin-vue-admin v2.8.7 and earlier versions of the code problem vulnerability , the vulnerability stems from the existence of path traversal in the upload function of...
PT-2026-2304
Name of the Vulnerable Software and Affected Versions Gin-vue-admin versions prior to 2.8.8 Description Gin-vue-admin, a backstage management system based on vue and gin, contains a path traversal issue in the breakpoint resume upload functionality. The vulnerability exists because the MakeFile...
SUSE CVE-2025-66410
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder...
CVE-2025-66410
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder...
GO-2025-4171 Gin-vue-admin has an arbitrary file deletion vulnerability in github.com/flipped-aurora/gin-vue-admin
Gin-vue-admin has an arbitrary file deletion vulnerability in github.com/flipped-aurora/gin-vue-admin...
GHSA-JRHG-82W2-VVJ7 Gin-vue-admin has an arbitrary file deletion vulnerability
Impact Attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder The affected code: Affected interfaces: /api/fileUploadAndDownload/removeChunk POC: You can specify the...
Gin-vue-admin has an arbitrary file deletion vulnerability
Impact Attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder The affected code: Affected interfaces: /api/fileUploadAndDownload/removeChunk POC: You can specify the...