CVE-2020-13156: Cross-Site Request Forgery (CSRF)

June 23, 2020 (updated June 29, 2020)

The modules\users\admin\add_user.php in NukeViet suffers from CSRF which may allow attackers to trick victim administrators into adding a user account via the admin/index.php?nv=users&op=user_add URI.

References

nukeviet.vn/en/
nvd.nist.gov/vuln/detail/CVE-2020-13156
www.exploit-db.com/exploits/48489

Detect and mitigate CVE-2020-13156 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →