CVE-2020-13156
Cross-Site Request Forgery (CSRF) in packagist/nukeviet/nukeviet
Identifiers
CVE-2020-13156
Package Slug
packagist/nukeviet/nukeviet
Vulnerability
Cross-Site Request Forgery (CSRF)
Description
The modules\users\admin\add_user.php in NukeViet suffers from CSRF which may allow attackers to trick victim administrators into adding a user account via the admin/index.php?nv=users&op=user_add URI.
Affected Versions
Version 4.4
Solution
Upgrade to version 4.4.01 or above.
Last Modified
2020-06-29
| source |