CVE-2022-32177: Gin-vue-admin - Unrestricted File Upload

Vendor: Gin-Vue-Admin
Product: gin-vue-admin
Weakness: CWE-434 · Unrestricted file upload
Published: October 14, 2022
Last update: May 14, 2025

What the vulnerability does

01 Description

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload through the 'Normal Upload' functionality to the Media Library, which leads to execution of JavaScript code. When an admin user views the uploaded file, a low-privileged attacker gains access to the admin's cookie, leading to account takeover.

Key dates

02 Disclosure timeline

October 14, 2022: CVE published
May 14, 2025: Record updated