Piexlmax

**Name of the Vulnerable Software and Affected Versions** Gin-vue-admin versions prior to 2.5.4 **Description** The issue concerns an arbitrary file read due to insufficient validation of the `fileMd5` and `fileName` parameters in the file upload functionality. This allows unauthorized access to files. The problem is resolved in version 2.5.4b. **Recommendations** For versions prior to 2.5.4, update to version 2.5.4b to resolve the issue. As a temporary workaround, consider disabling the file upload feature until the update is applied. Restrict access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Gin-vue-admin versions 2.50 **Description** Gin-vue-admin is a backstage management system based on vue and gin. The issue arises due to a lack of parameter validation, leading to an arbitrary file read vulnerability. There are no known workarounds for this issue. **Recommendations** For Gin-vue-admin version 2.50, update to version 2.5.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Gin-vue-admin versions prior to 2.5.1 **Description** The issue occurs in the server/service/system/sys auto code pgsql.go code, which means PostgreSQL must be used as the database for this problem to occur. Users must have JWT login and be using PostgreSQL to be affected. **Recommendations** For versions prior to 2.5.1, update to version 2.5.1 to resolve the issue. As a temporary workaround, consider disabling the `sys auto code pgsql.go` service until a patch is available. Restrict access to the PostgreSQL database to minimize the risk of exploitation. Avoid using the JWT login feature in conjunction with PostgreSQL until the issue is resolved.