QwikSec

Security Database

CVE

CWE

Training

CVE-2022-32176

Published: Oct 17, 2022

Modified: May 10, 2025

PUBLISHED

Description

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover.

Vendor	Product	Versions
gin-vue-admin	gin-vue-admin	affected `v2.5.1 - < unspecified` affected `unspecified - <= v2.5.3b`

Weaknesses (CWE)

References

https://www.mend.io/vulnerability-database/CVE-2022-32176

https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/image.vue#L43-L49

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.