CVE-2020-13155
Cross-Site Request Forgery (CSRF) in packagist/nukeviet/nukeviet
Identifiers
CVE-2020-13155
Package Slug
packagist/nukeviet/nukeviet
Vulnerability
Cross-Site Request Forgery (CSRF)
Description
clearsystem.php in NukeViet allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.
Affected Versions
Version 4.4
Solution
Upgrade to version 4.4.01 or above.
Last Modified
2020-06-29
| source |