hungnguyenmz

4 exploits, active since Dec 2020
CVE-2019-7725 WRITEUP CRITICAL WRITEUP
NukeViet < 4.3.04 - Deserialization of Untrusted Data via nvloginhash Cookie
includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).
CVSS 9.8
CVE-2019-7726 WRITEUP CRITICAL WRITEUP
NukeViet < 4.3.04 - SQL Injection via HTTP Header Data
modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).
CVSS 9.8
CVE-2019-7725 WRITEUP CRITICAL WRITEUP
NukeViet < 4.3.04 - Deserialization of Untrusted Data via nvloginhash Cookie
includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).
CVSS 9.8
CVE-2019-7726 WRITEUP CRITICAL WRITEUP
NukeViet < 4.3.04 - SQL Injection via HTTP Header Data
modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).
CVSS 9.8