CVE-2022-32176

CRITICAL Year: 2022
CVSS v3 Score
9.0
Critical
Weakness Type
CWE-434
View all →

Vulnerability Description

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover.

Related Vulnerabilities

CVE-2019-4130

CRITICAL
CVSS:9.0(Critical)

IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280.

CWE-4342019

CVE-2022-0945

CRITICAL
CVSS:9.0(Critical)

Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4.

CWE-4342022

CVE-2022-0960

CRITICAL
CVSS:9.0(Critical)

Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.

CWE-4342022

CVE-2022-0962

CRITICAL
CVSS:9.0(Critical)

Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.

CWE-4342022

CVE-2022-1045

CRITICAL
CVSS:9.0(Critical)

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.

CWE-4342022

CVE-2022-1345

CRITICAL
CVSS:9.0(Critical)

Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking,...

CWE-4342022