Gin-vue-admin has an arbitrary file deletion vulnerability

Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.

N/A

对路径名的限制不恰当(路径遍历)

Gin-Vue-Admin 路径遍历漏洞

Gin-Vue-Admin是flipped-aurora开源的一个基于 Vue 和 Gin 开发的全栈前开发基础平台。 Gin-Vue-Admin 2.8.6及之前版本存在路径遍历漏洞，该漏洞源于攻击者可控制FileMd5参数删除任意文件和文件夹，可能导致服务器资源损坏或不可用。

N/A

N/A