QwikSec

Security Database

CVE

CWE

Training

CVE-2022-32177

Published: Oct 14, 2022

Modified: May 14, 2025

PUBLISHED

Description

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover.

Vendor	Product	Versions
gin-vue-admin	gin-vue-admin	affected `v2.5.1 - < unspecified` affected `unspecified - <= v2.5.3beta`

Weaknesses (CWE)

References

https://www.mend.io/vulnerability-database/CVE-2022-32177

https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/common.vue#L29-L37

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.