Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tOGp4LW14ZjktMnJwd84AApWC
NukeViet SQL Injection vulnerability
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.
Fix Implementation:
Download the update package corresponding to the NukeViet version you are using, extract and upload to hosting according to NukeViet's structure:
For NukeViet 4.0 Official (4.0.29)
For NukeViet 4.1 Official (4.1.02)
For NukeViet 4.2 (4.2.01)
As for NukeViet 4.3, you can update according to the notice in the admin page or see here: https://nukeviet.vn/vi/news/Tin-tuc/thong-bao-phat-hanh-nukeviet-4- 3-08-613.html
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tOGp4LW14ZjktMnJwd84AApWC
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: 10 days ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-m8jx-mxf9-2rpw, CVE-2020-21809
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-21809
- https://github.com/nukeviet/module-shops/commit/742c0e0f74364f7250c2a69f0a957d4e6317be68
- https://nukeviet.vn/vi/news/Tin-an-ninh/huong-dan-fix-loi-bao-mat-nukeviet-4-va-module-shops-612.html
- https://whitehub.net/submissions/1517
- https://whitehub.net/submissions/1518
- https://github.com/advisories/GHSA-m8jx-mxf9-2rpw
Blast Radius: 1.0
Affected Packages
packagist:nukeviet/nukeviet
Dependent packages: 0Dependent repositories: 0
Downloads: 3 total
Affected Version Ranges: = 4.3, >= 4.2, < 4.2.01, >= 4.1, < 4.1.02, >= 4.0, < 4.0.29
Fixed in: , 4.2.01, 4.1.02, 4.0.29
All affected versions: 4.0.24
All unaffected versions: 4.4.1