CVE-2022-21660
HIGHgin-vue-admin < 2.4.6 - Missing Authorization in setUserInfo Function
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-21660. PoCs published by UzJu.
AI-analyzed exploit summary This repository provides a detailed writeup and proof-of-concept for CVE-2022-21660, a vertical privilege escalation vulnerability in Gin-Vue-admin. The vulnerability allows low-privilege users to modify administrative user information, including passwords, due to insufficient ID validation in the SetUserInfo endpoint.
Description
Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no known workarounds.
Exploits (1)
This repository provides a detailed writeup and proof-of-concept for CVE-2022-21660, a vertical privilege escalation vulnerability in Gin-Vue-admin. The vulnerability allows low-privilege users to modify administrative user information, including passwords, due to insufficient ID validation in the SetUserInfo endpoint.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N