cvedb.io
CVE-2022-39305
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2022-10-24T14:15:51.207 · Last modified 2026-06-17T04:58:06.570

Summary

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds.

Affected products

gin-vue-admin_project — gin-vue-admin

Does this affect you?

Add your gear to cvedb and we'll alert you only when gin-vue-admin_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.