Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nukeviet
(Nukeviet)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 12 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-12-31 | CVE-2019-7725 | includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk). | Nukeviet | 9.8 | ||
| 2020-12-31 | CVE-2019-7726 | modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). | Nukeviet | 9.8 |