What is CVE-2022-32176?

CVE-2022-32176 is a critical-severity vulnerability in Gin-vue-admin, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 9.0/10. Published 2022-10-17.

How severe is CVE-2022-32176?

Critical severity. CVSS v3 base score is 9.0 out of 10.

Arbitrary file upload in Gin-vue-admin

CVE-2022-32176

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploa…

Vulnerability class: Unrestricted File Upload

EPSS: 0.009 (56.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.

Affected products

Gin-vue-admin — versions v2.5.1, unspecified
Gin-vue-admin_project Gin-vue-admin

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

References

vulnerabilitylab@mend.io (Exploit, Third Party Advisory)
vulnerabilitylab@mend.io (Exploit, Third Party Advisory)

Frequently asked questions

What is CVE-2022-32176?: CVE-2022-32176 is a critical-severity vulnerability in Gin-vue-admin, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 9.0/10. Published 2022-10-17.
How severe is CVE-2022-32176?: Critical severity. CVSS v3 base score is 9.0 out of 10.