Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gin-vue-admin - Unrestricted File Upload
Vulnerability Description
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Gin-Vue-Admin 代码问题漏洞
Vulnerability Description
Gin-Vue-Admin是一个基于 Vue 和 Gin 开发的全栈前开发基础平台。 Gin Vue Admin v2.5.1版本至v2.5.3beta版本存在代码问题漏洞,该漏洞源于没有限制文件上传功能。攻击者利用该漏洞执行javascript代码,并且可以访问管理员的cookie,从而导致帐户接管。
CVSS Information
N/A
Vulnerability Type
N/A