CVE-2022-24844

HIGH

gin-vue-admin < 2.5.1 - Authenticated SQL Injection in PostgreSQL Auto Code Service

Title source: llm
STIX 2.1

Description

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login) and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds.

References (2)

Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-5g92-6hpp-w425
Patch, Third Party Advisory x_refsource_misc
https://github.com/flipped-aurora/gin-vue-admin/pull/1024

Scores

CVSS v3 8.1
EPSS 0.0144
EPSS Percentile 70.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
gin-vue-admin_project/gin-vue-admin < 2.5.1
Published Apr 13, 2022
Tracked Since Feb 18, 2026