Gin-vue-admin Project

Gin-vue-admin

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2025-66410

Exploit
  • EPSS 0.13%
  • Veröffentlicht 01.12.2025 22:28:59
  • Zuletzt bearbeitet 06.02.2026 16:50:02

Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to del...

7.5

CVE-2022-47762

Exploit
  • EPSS 0.4%
  • Veröffentlicht 03.02.2023 21:15:10
  • Zuletzt bearbeitet 26.03.2025 19:15:20

In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability.

7.5

CVE-2022-39345

Exploit
  • EPSS 0.64%
  • Veröffentlicht 25.10.2022 17:15:56
  • Zuletzt bearbeitet 21.11.2024 07:18:04

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contain...

9.8

CVE-2022-39305

Exploit
  • EPSS 0.43%
  • Veröffentlicht 24.10.2022 14:15:51
  • Zuletzt bearbeitet 21.11.2024 07:17:59

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, res...

9

CVE-2022-32176

Exploit
  • EPSS 0.61%
  • Veröffentlicht 17.10.2022 19:15:09
  • Zuletzt bearbeitet 27.05.2025 21:08:02

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a...

9

CVE-2022-32177

Exploit
  • EPSS 0.67%
  • Veröffentlicht 14.10.2022 07:15:09
  • Zuletzt bearbeitet 14.05.2025 16:15:19

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, ...

7.5

CVE-2022-24843

  • EPSS 0.66%
  • Veröffentlicht 13.04.2022 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:51:13

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in versi...

8.8

CVE-2022-24844

Exploit
  • EPSS 0.36%
  • Veröffentlicht 13.04.2022 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:51:13

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be u...

8.1

CVE-2022-21660

Exploit
  • EPSS 0.71%
  • Veröffentlicht 09.02.2022 20:15:12
  • Zuletzt bearbeitet 21.11.2024 06:45:10

Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soo...

9.8

CVE-2021-44219

  • EPSS 0.36%
  • Veröffentlicht 24.11.2021 23:15:08
  • Zuletzt bearbeitet 21.11.2024 06:30:36

Gin-Vue-Admin before 2.4.6 mishandles a SQL database.