CVE-2022-32176

CVE-2022-32176: Gin-vue-admin - Unrestricted File Upload

Vendor Gin-Vue-Admin
Product gin-vue-admin
Weakness CWE-434 · Unrestricted file upload
Published October 17, 2022
Last update May 10, 2025

CVSS base score

What the vulnerability does

01Description

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover.

Key dates

02Disclosure timeline

October 17, 2022 CVE published
May 10, 2025 Record updated