Skip to main content

Nukeviet

7 CVEs product

Monthly

CVE-2024-36531 MEDIUM POC This Month

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Egovernment Nukeviet
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-36528 PHP HIGH POC This Week

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Egovernment Nukeviet
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-3975 PHP MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Nukeviet
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-30874 PHP MEDIUM POC PATCH This Month

There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nukeviet
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-13157 PHP MEDIUM POC This Month

modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nukeviet
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-13156 PHP MEDIUM POC This Month

modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nukeviet
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-13155 PHP HIGH POC This Week

clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nukeviet
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.7%
EPSS 0% CVSS 5.7
MEDIUM POC This Month

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP +2
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Nukeviet
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nukeviet
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nukeviet
NVD Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nukeviet
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nukeviet
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy