Gin-vue-admin Security Vulnerabilities and Issues — Gin-vue-admin CVE List

Lucene search

Gin-vue-admin ProjectGin-vue-admin

9 matches found

CVE•added 2022/04/13 9:15 p.m.•78 views

CVE-2022-24844

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occ...

8.8CVSS8.4AI score0.00438EPSS

CVE•added 2022/02/09 8:15 p.m.•77 views

CVE-2022-21660

Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the setUserInfo function. Users are advised to update as soon as possible. There are no known workarounds.

8.1CVSS8.1AI score0.00671EPSS

CVE•added 2022/04/13 10:15 p.m.•65 views

CVE-2022-24843

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for this...

7.5CVSS7.5AI score0.00624EPSS

CVE•added 2022/10/25 5:15 p.m.•50 views

CVE-2022-39345

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a patch for this issue. There are no workaround...

9.8CVSS8.8AI score0.00211EPSS

CVE•added 2022/10/24 2:15 p.m.•49 views

CVE-2022-39305

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issu...

9.8CVSS9.5AI score0.001EPSS

CVE•added 2022/10/17 7:15 p.m.•42 views

CVE-2022-32176

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the ad...

9CVSS9.2AI score0.00103EPSS

CVE•added 2021/11/24 11:15 p.m.•40 views

CVE-2021-44219

Gin-Vue-Admin before 2.4.6 mishandles a SQL database.

9.8CVSS9.6AI score0.00363EPSS

CVE•added 2022/10/14 7:15 a.m.•40 views

CVE-2022-32177

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the a...

9CVSS9.2AI score0.00182EPSS

CVE•added 2023/02/03 9:15 p.m.•31 views

CVE-2022-47762

In gin-vue-admin

7.5CVSS7.4AI score0.00105EPSS