Vulnerabilities > CVE-2022-30428 - Files or Directories Accessible to External Parties vulnerability in Ginadmin Project Ginadmin 1.0.1/20220510

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ginadmin-project

NVD

Published: 2022-05-25

Updated: 2022-06-08

Summary

In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading.

Vulnerable Configurations

Part	Description	Count
Application	Ginadmin_Project Ginadmin Project Ginadmin - Ginadmin Project Ginadmin 1.0.1 Ginadmin Project Ginadmin 2022-05-10	3

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://github.com/gphper/ginadmin/issues/9

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.