CVE-2022-24844
HIGHgin-vue-admin < 2.5.1 - Authenticated SQL Injection in PostgreSQL Auto Code Service
Title source: llmDescription
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login) and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-5g92-6hpp-w425
Patch, Third Party Advisory x_refsource_misc
https://github.com/flipped-aurora/gin-vue-admin/pull/1024
Scores
CVSS v3
8.1
EPSS
0.0144
EPSS Percentile
70.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
gin-vue-admin_project/gin-vue-admin
< 2.5.1
Published
Apr 13, 2022
Tracked Since
Feb 18, 2026