Cross-Site Request Forgery Vulnerability in NukeViet by NukeViet Team
CVE-2020-13156

6.5MEDIUM

Key Information:

Vendor

Nukeviet

Status
Nukeviet
Vendor
CVE Published:
23 June 2020

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2020-13156?

The vulnerability found in NukeViet 4.4 permits attackers to exploit Cross-Site Request Forgery (CSRF) by allowing unauthorized creation of user accounts. This occurs via a specific URI, enabling an attacker to execute actions within the application's admin panel without the victim's consent. Proper security measures should be implemented to mitigate this risk, including CSRF tokens and validation checks.

References

https://nukeviet.vn/en/
x_refsource_MISC
https://www.exploit-db.com/exploits/48489
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.