3 matches found
CVE-2019-7725
includes/core/isuser.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk...
CVE-2019-7725
includes/core/isuser.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk...
CVE-2019-7725
The CVE refers to NukeViet before 4.3.04, where includes/core/is_user.php deserializes the untrusted nvloginhash cookie, relying on PHP serialization instead of JSON. This constitutes a deserialization vulnerability that can lead to remote impact, with CVSS metrics indicating high severity (NVD: ...