CVE-2020-13156
packagist/nukeviet/nukeviet
Cross-Site Request Forgery (CSRF)
The modules\users\admin\add_user.php
in NukeViet suffers from CSRF which may allow attackers to trick victim administrators into adding a user account via the admin/index.php?nv=users&op=user_add
URI.
Version 4.4
Upgrade to version 4.4.01 or above.
2020-06-29
source |