github.com/flipped-aurora/gin-vue-admin vulnerabilities

4 known vulnerabilities affecting github.com/flipped-aurora/gin-vue-admin.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, UNKNOWN 1

Vulnerabilities

CVE-2026-22786 | HIGH | ≥ 0, ≤ 2.8.7 | 2026-01-13
CVE-2026-22786 [HIGH] CWE-22 Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal ### Impact Gin-vue-admin 2. Then, the `filename` parameter here uses `../` to traverse to an arbitrary path. 3. Proof ### Patches Please wait for the latest patch
Sources: ghsa, osv
CVE-2025-66410 | HIGH | ≥ 0, < 0.9.1-0.20251201084432-ee8d8d7e04d9 | 2025-12-02
CVE-2025-66410 [HIGH] CWE-22 Gin-vue-admin has an arbitrary file deletion vulnerability ### Impact Attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder. The affected code: Affected interfaces: /api/fileUploadAndDownload/removeChunk POC: You can specify the FileMd5 value as the directory or file you want t
Sources: ghsa, osv
CVE-2024-37896 | UNKNOWN | ≥ 0, < 2.6.6+incompatible | 2024-06-28
CVE-2024-37896 SQL injection vulnerability in Gin-vue-admin in github.com/flipped-aurora/gin-vue-admin
Sources: osv
CVE-2022-47762 | HIGH | ≥ 0, < 2.5.5 | 2023-02-03
CVE-2022-47762 [HIGH] CWE-22 Path Traversal in gin-vue-admin. In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability.
Sources: ghsa, osv