CSRF Vulnerability in NukeViet 4.4 Web Management System
CVE-2020-13155

8.8HIGH

Key Information:

Vendor: Nukeviet
Status: Nukeviet
Vendor: CVE Published:; 23 June 2020

Badges

👾 Exploit Exists

What is CVE-2020-13155?

NukeViet 4.4 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to manipulate the deltype parameter in the clearsystem.php script. This flaw enables unauthorized access and results in HTML injection by accessing the admin/index.php?nv=webtools&op=clearsystem URI. Attackers can exploit this vulnerability to execute arbitrary HTML or JavaScript code within the context of the affected web application, posing significant risks to users and the integrity of the system.

References

https://nukeviet.vn/en/

x_refsource_MISC

https://www.exploit-db.com/exploits/48489

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 23, 2020
👾
Exploit known to exist
Jun 23, 2020
Vulnerability published
Jun 23, 2020
Vulnerability Reserved
May 18, 2020

CVE-2020-13155 Data

JSON

Nukeviet

Badges

What is CVE-2020-13155?

References

CVSS V3.1

Timeline