CVE-2020-13157: Cross-Site Request Forgery (CSRF)

June 23, 2020 (updated June 29, 2020)

The modules\users\admin\edit.php in NukeViet suffers from CSRF which may allow attackers to change a user’s password via the admin/index.php?nv=users&op=edit&userid= URI. This is due to the old password not being required during the change password function.

References

nukeviet.vn/en/
nvd.nist.gov/vuln/detail/CVE-2020-13157
www.exploit-db.com/exploits/48489

Detect and mitigate CVE-2020-13157 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →