Vulnerabilities > Nukeviet

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-13	CVE-2022-3975	Improper Enforcement of Message or Data Structure vulnerability in Nukeviet A vulnerability, which was classified as problematic, has been found in NukeViet CMS. network low complexity nukeviet CWE-707	6.1
2022-06-21	CVE-2022-30874	Cross-site Scripting vulnerability in Nukeviet There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02. network nukeviet CWE-79	3.5
2021-07-30	CVE-2020-21808	SQL Injection vulnerability in Nukeviet SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php. network low complexity nukeviet CWE-89	7.5
2021-07-30	CVE-2020-21809	SQL Injection vulnerability in Nukeviet SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php. network low complexity nukeviet CWE-89	7.5
2021-07-30	CVE-2020-22765	Cross-site Scripting vulnerability in Nukeviet 4.4.0 Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module. network nukeviet CWE-79	4.3
2020-12-31	CVE-2019-7726	SQL Injection vulnerability in Nukeviet modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). network low complexity nukeviet CWE-89	7.5
2020-12-31	CVE-2019-7725	Deserialization of Untrusted Data vulnerability in Nukeviet includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk). network low complexity nukeviet CWE-502	7.5
2020-06-23	CVE-2020-13157	Cross-Site Request Forgery (CSRF) vulnerability in Nukeviet 4.4 modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. network nukeviet CWE-352	4.3
2020-06-23	CVE-2020-13156	Cross-Site Request Forgery (CSRF) vulnerability in Nukeviet 4.4 modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI. network nukeviet CWE-352	4.3
2020-06-23	CVE-2020-13155	Cross-Site Request Forgery (CSRF) vulnerability in Nukeviet 4.4 clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI. network nukeviet CWE-352	6.8

Vulnerabilities > Nukeviet {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Nukeviet"}]}

Vulnerabilities > Nukeviet