CVE-2020-13155
packagist/nukeviet/nukeviet
Cross-Site Request Forgery (CSRF)
clearsystem.php
in NukeViet allows CSRF with resultant HTML injection via the deltype
parameter to the admin/index.php?nv=webtools&op=clearsystem
URI.
Version 4.4
Upgrade to version 4.4.01 or above.
2020-06-29
source |