Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0cXYtZm13Yy1xeHB4
SQL Injection in NukeViet
modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).
Permalink: https://github.com/advisories/GHSA-q4qv-fmwc-qxpx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0cXYtZm13Yy1xeHB4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 3 years ago
Updated: almost 2 years ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-q4qv-fmwc-qxpx, CVE-2019-7726
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-7726
- https://github.com/nukeviet/nukeviet/pull/2740/commits/05dfb9b4531f12944fe39556f58449b9a56241be
- https://github.com/nukeviet/nukeviet/blob/4.3.04/CHANGELOG.txt
- https://github.com/nukeviet/nukeviet/blob/nukeviet4.3/CHANGELOG.txt
- https://github.com/nukeviet/nukeviet/compare/4.3.03...4.3.04
- https://github.com/advisories/GHSA-q4qv-fmwc-qxpx
Blast Radius: 1.0
Affected Packages
packagist:nukeviet/nukeviet
Dependent packages: 0
Dependent repositories: 0
Downloads: 3 total
Affected Version Ranges: < 4.3.04
Fixed in: 4.3.04
All affected versions: 4.0.24
All unaffected versions: 4.4.1