Arbitrary Code Execution Vulnerability in Nukeviet CMS by Nukeviet Holdings
CVE-2024-36531

5.7MEDIUM

Key Information:

Vendor: Nukeviet Holdings
Status: Nukeviet CMS
Vendor: CVE Published:; 10 June 2024

🔔 Create Nukeviet Holdings Vulnerability Alert

What is CVE-2024-36531?

Nukeviet CMS versions 4.5 and prior, along with Nukeviet-eGov version 1.2.02 and earlier, expose a serious security flaw through the /admin/extensions/upload.php component. This vulnerability allows an attacker to execute arbitrary code remotely, compromising the integrity of the affected systems. Users of these versions should take immediate action to secure their installations to prevent unauthorized access and potential exploitation.

References

https://mat4mee.notion.site/Module-upload-in-nukeViet-lea...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2024

CVE-2024-36531 Data

JSON