12 matches found
EUVD-2022-3059
Malicious code in bioql PyPI...
CVE-2020-13157
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users=edit= URI. The old password is not needed...
GHSA-7RW5-6PR4-FGH3 NukeViet Cross-Site Request Forgery (CSRF)
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI...
GHSA-G3XF-85WC-45GQ NukeViet Cross-Site Request Forgery (CSRF)
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed...
CVE-2020-13155
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI...
CVE-2020-13157
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed...
CVE-2020-13157
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed...
Cross site request forgery (csrf)
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI...
Cross site request forgery (csrf)
modules\users\admin\adduser.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=useradd URI...
CVE-2020-13155
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI...
CVE-2020-13156
CVE-2020-13156 affects NukeViet 4.4: the vulnerability lies in modules\users\admin\add_user.php, where CSRF can be abused to add a new user via admin/index.php?nv=users&op=user_add. Exploitation is documented in public advisories (e.g., GitHub GHSA, OSV, Red Hat) and CVSS indicates network access...
CVE-2020-13157
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed...