Filtered by vendor Nukeviet
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-21809 | 1 Nukeviet | 1 Nukeviet | 2021-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php. | |||||
| CVE-2020-21808 | 1 Nukeviet | 1 Nukeviet | 2021-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php. | |||||
| CVE-2019-7725 | 1 Nukeviet | 1 Nukeviet | 2021-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk). | |||||
| CVE-2019-7726 | 1 Nukeviet | 1 Nukeviet | 2021-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). | |||||