Gin Vue Admin
CVE-2022-39345
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a patch for this issue. There are no workarounds aside from upgrading to a patched version.
AnalysisAI
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a patch for this issue. There are no workarounds aside from upgrading to a patched version. Affected products include: Gin-Vue-Admin Project Gin-Vue-Admin. Version information: prior to 2.5.4.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Gin Vue Admin
View allGin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stac
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution o
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to executio
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stac
Gin-vue-admin versions 2.8.7 and earlier contain a path traversal vulnerability in the breakpoint resume upload API that
Gin-Vue-Admin before 2.4.6 mishandles a SQL database. Rated critical severity (CVSS 9.8), this vulnerability is remotely
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stac
Authenticated remote code execution in gin-vue-admin 2.9.1 lets attackers with access to the code-generation and MCP man
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today