CVE-2019-7725

Published: Dec 31, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).

Affected (1)

Products: Nukeviet: Nukeviet

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nukeviet Nukeviet	Before 4.3.04

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (8)

https://github.com/nukeviet/nukeviet/blob/4.3.04/CHANGELOG.txt

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/nukeviet/nukeviet/blob/nukeviet4.3/CHANGELOG.txt

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/nukeviet/nukeviet/compare/4.3.03...4.3.04

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/nukeviet/nukeviet/pull/2740/commits/05dfb9b4531f12944fe39556f58449b9a56241be

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/nukeviet/nukeviet/blob/4.3.04/CHANGELOG.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/nukeviet/nukeviet/blob/nukeviet4.3/CHANGELOG.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/nukeviet/nukeviet/compare/4.3.03...4.3.04

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/nukeviet/nukeviet/pull/2740/commits/05dfb9b4531f12944fe39556f58449b9a56241be

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.