JEBARAJ - Security Researcher - Exploit Intelligence Platform

CVE-2020-13157 EXPLOITDB MEDIUM text WORKING POC

NukeViet 4.4 - Cross-Site Request Forgery via User Edit URI

modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed.

CVSS 6.5

View Code

CVE-2020-13156 EXPLOITDB MEDIUM text WORKING POC

NukeViet 4.4 - Cross-Site Request Forgery via User Add Admin Endpoint

modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI.

CVSS 6.5

View Code

CVE-2020-13155 EXPLOITDB HIGH text WORKING POC

NukeViet 4.4 - Cross-Site Request Forgery via clearsystem.php deltype Parameter

clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.

CVSS 8.8

View Code