CVE-2020-13157
packagist/nukeviet/nukeviet
Cross-Site Request Forgery (CSRF)
The modules\users\admin\edit.php
in NukeViet suffers from CSRF which may allow attackers to change a user's password via the admin/index.php?nv=users&op=edit&userid=
URI. This is due to the old password not being required during the change password function.
Version 4.4
Upgrade to version 4.4.01 or above.
2020-06-29
source |