CVE-2020-13157

Cross-Site Request Forgery (CSRF) in packagist/nukeviet/nukeviet

Identifiers

CVE-2020-13157

Package Slug

packagist/nukeviet/nukeviet

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

The modules\users\admin\edit.php in NukeViet suffers from CSRF which may allow attackers to change a user's password via the admin/index.php?nv=users&op=edit&userid= URI. This is due to the old password not being required during the change password function.

Affected Versions

Version 4.4

Solution

Upgrade to version 4.4.01 or above.

Last Modified

2020-06-29

source