CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24843 – Path Traversal in github.com/flipped-aurora/gin-vue-admin
https://notcve.org/view.php?id=CVE-2022-24843
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for this issue. Gin-vue-admin es un sistema de administración de bambalinas basado en vue y gin, que separa la parte delantera y trasera de la pila completa. • https://github.com/flipped-aurora/gin-vue-admin/issues/1002 https://github.com/flipped-aurora/gin-vue-admin/pull/1024 https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-32gq-gj42-mw43 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-24844 – SQL Injection in github.com/flipped-aurora/gin-vue-admin
https://notcve.org/view.php?id=CVE-2022-24844
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login) and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds. • https://github.com/flipped-aurora/gin-vue-admin/pull/1024 https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-5g92-6hpp-w425 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 3CVE-2022-21660 – Missing authorization in gin-vue-admin
https://notcve.org/view.php?id=CVE-2022-21660
Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no known workarounds. • https://github.com/UzJu/Gin-Vue-admin-poc-CVE-2022-21660 https://github.com/UzJu/CVE-2022-21660 https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-xxvh-9c87-pqjx • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44219
https://notcve.org/view.php?id=CVE-2021-44219
Gin-Vue-Admin before 2.4.6 mishandles a SQL database. Gin-Vue-Admin versiones anteriores a 2.4.6, maneja inapropiadamente una base de datos SQL • https://github.com/flipped-aurora/gin-vue-admin/issues/813 https://github.com/flipped-aurora/gin-vue-admin/pull/811 •