Vulnerabilities > Nukeviet > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-30 | CVE-2020-21808 | SQL Injection vulnerability in Nukeviet SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php. | 9.8 |
| 2021-07-30 | CVE-2020-21809 | SQL Injection vulnerability in Nukeviet SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php. | 9.8 |
| 2020-12-31 | CVE-2019-7726 | SQL Injection vulnerability in Nukeviet modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). | 9.8 |
| 2020-12-31 | CVE-2019-7725 | Deserialization of Untrusted Data vulnerability in Nukeviet includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk). | 9.8 |