JEBARAJ

3 exploits Active since Jun 2020
CVE-2020-13157 EXPLOITDB MEDIUM text WORKING POC
NukeViet 4.4 - CSRF
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed.
CVSS 6.5
CVE-2020-13156 EXPLOITDB MEDIUM text WORKING POC
NukeViet 4.4 - CSRF
modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI.
CVSS 6.5
CVE-2020-13155 EXPLOITDB HIGH text WORKING POC
NukeViet 4.4 - CSRF
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.
CVSS 8.8