CVE-2020-13155: Cross-Site Request Forgery (CSRF)

June 23, 2020 (updated June 29, 2020)

clearsystem.php in NukeViet allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.

References

nukeviet.vn/en/
nvd.nist.gov/vuln/detail/CVE-2020-13155
www.exploit-db.com/exploits/48489

Code Behaviors & Features

Detect and mitigate CVE-2020-13155 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →