3 matches found
GHSA-32WR-8WXM-852C Deserialization of Untrusted Data in NukeViet
includes/core/isuser.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie, i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk...
Remote Code Execution (RCE)
nukeviet/nukeviet is vulnerable to remote code execution. The vulnerability exists due to the lack of verification and sanitization of an untrusted nvloginhash cookie...
CVE-2019-7725
includes/core/isuser.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie, i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk...