Gin-Vue-Admin Arbitrary File Deletion Vulnerability

Vulnerability

An arbitrary file deletion vulnerability exists in Gin-Vue-Admin versions prior to 2.8.7. By manipulating the 'FileMd5' parameter, an attacker can delete any file or folder on the server.

Impact

Exploitation of this vulnerability allows for the arbitrary deletion of files and directories on the server, which can cause damage to the system or disrupt the availability of server resources.

Reproduction

To reproduce this vulnerability, send a request to the '/api/fileUploadAndDownload/removeChunk' endpoint with a payload that includes the 'FileMd5' parameter set to the path of the file or directory to be deleted. The request must include a valid user token in the 'x-token' header.

Remediation

Users are advised to update to Gin-Vue-Admin version 2.8.7 or later, where this vulnerability has been patched.

Added: Dec 1, 2025, 11:21 PM
Updated: Dec 1, 2025, 11:21 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.