CVE-2024-37896: SQL Injection in Gin-vue-admin

CWE-89: SQL Injection (3 documents, 3 sources)
Severity: 8.8 HIGH (NVD)
EPSS: 0.1% (top 77.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 17; Latest update Jun 28

Description

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has a SQL injection vulnerability. SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failing to properly enforce restrictions on user input could mean that even a basic form input field can be used to inject arbitrary and potentially dangerous SQL commands. This could lead to unauthorized acces

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

Vulnerability Details (2)

OSV: SQL injection vulnerability in Gin-vue-admin in github.com/flipped-aurora/gin-vue-admin (2024-06-28)
CVEList: SQL injection vulnerability in Gin-vue-admin (2024-06-17)