piexlMax

2 exploits Active since Oct 2022
CVE-2022-39305 CRITICAL WRITEUP
gin-vue-admin < 2.5.4b - Arbitrary File Read via Unvalidated fileMd5 and fileName Parameters
Gin-vue-admin is a back-office management system built on Vue and Gin, with a full-stack design that separates the front end from the back end. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate the fileMd5 and fileName parameters, which allows an arbitrary file to be read. This issue is patched in 2.5.4b. There are no known workarounds.
CVSS 9.8
CVE-2025-66410 CRITICAL WRITEUP
Gin-vue-admin <2.8.6 - File Deletion
Gin-vue-admin is a back-office management system built on Vue and Gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage to or unavailability of server resources. By controlling the 'FileMd5' parameter, an attacker can delete any file or folder.
CVSS 9.1