CVE-2022-32176

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-32176

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32176.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-32176

Published

2022-10-17T19:15:09Z

Modified

2025-05-10T04:51:50.636587Z

Severity

9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover.

References

Affected packages

Git / github.com/flipped-aurora/gin-vue-admin

Affected ranges

Type: GIT
Repo: https://github.com/flipped-aurora/gin-vue-admin
Events: Introduced

076e1092f0daff63f64bf38354a8f24ac6e67a4e

Last affected

96ef70b9439098e654ea98e5b1f0381484a37679

Affected versions

v2.*

v2.5.1b

v2.5.2

v2.5.3

v2.5.3b

v2.5.3beta