CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2023-31873 – Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2023-31873
24 May 2023 — Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process'). Gin v0.7.4 permite la ejecución de código arbitrario cuando un archivo manipulado esta abierto, por ejemplo, a través de: require('child_process'). Gin Markdown Editor version 0.7.4 suffers from an arbitrary code execution vulnerability. • https://packetstorm.news/files/id/172530 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47762
https://notcve.org/view.php?id=CVE-2022-47762
03 Feb 2023 — In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability. • https://github.com/flipped-aurora/gin-vue-admin/issues/1309 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-39345 – Gin-vue-admin arbitrary file upload vulnerability caused by path traversal
https://notcve.org/view.php?id=CVE-2022-39345
25 Oct 2022 — Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a patch for this issue. There are no workarounds aside from upgrading to a patched version. Gin-vue-admin es un sistema de administración de bambalinas basado en vue y gin, que separa la parte delantera y la trasera de la pila completa. • https://github.com/flipped-aurora/gin-vue-admin/blob/main/server/service/system/sys_auto_code.go • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-39305 – Gin-vue-admin vulnerable to Unrestricted Upload of File with Dangerous Type
https://notcve.org/view.php?id=CVE-2022-39305
24 Oct 2022 — Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds. • https://github.com/flipped-aurora/gin-vue-admin/blob/main/server/utils/breakpoint_continue.go • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-32176 – Gin-vue-admin - Unrestricted File Upload
https://notcve.org/view.php?id=CVE-2022-32176
17 Oct 2022 — In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover. En "Gin-Vue-Admin", las versiones v2.5.1 hasta v2.5.3b son vulnerables a la subida de archivos sin restricciones que conlleva a una ejecución de código javascript, mediant... • https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/image.vue#L43-L49 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 2CVE-2022-32177 – Gin-vue-admin - Unrestricted File Upload
https://notcve.org/view.php?id=CVE-2022-32177
14 Oct 2022 — In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover. En "Gin-Vue-Admin", versiones v2.5.1 hasta v2.5.3beta, son vulnerables a una subida de archivos sin restricciones que conlleva a una ejecución de código javascript, media... • https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/common.vue#L29-L37 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24843 – Path Traversal in github.com/flipped-aurora/gin-vue-admin
https://notcve.org/view.php?id=CVE-2022-24843
13 Apr 2022 — Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for this issue. Gin-vue-admin es un sistema de administración de bambalinas basado en vue y gin, que separa la parte delantera y trasera de la pila completa. • https://github.com/flipped-aurora/gin-vue-admin/issues/1002 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-24844 – SQL Injection in github.com/flipped-aurora/gin-vue-admin
https://notcve.org/view.php?id=CVE-2022-24844
13 Apr 2022 — Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login) and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds. • https://github.com/flipped-aurora/gin-vue-admin/pull/1024 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 3CVE-2022-21660 – Missing authorization in gin-vue-admin
https://notcve.org/view.php?id=CVE-2022-21660
09 Feb 2022 — Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no known workarounds. • https://github.com/UzJu/Gin-Vue-admin-poc-CVE-2022-21660 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44219
https://notcve.org/view.php?id=CVE-2021-44219
24 Nov 2021 — Gin-Vue-Admin before 2.4.6 mishandles a SQL database. Gin-Vue-Admin versiones anteriores a 2.4.6, maneja inapropiadamente una base de datos SQL • https://github.com/flipped-aurora/gin-vue-admin/issues/813 •