Lucene search

Veracode Vulnerability DatabaseVERACODE:47588

HistoryJun 18, 2024 - 6:12 a.m.

Code Injection

2024-06-1806:12:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

code injection

improper validation

server exploitation

software

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

AI Score

7.8

Confidence

High

JSON

nukeviet/nukeviet is vulnerable to Code Injection. The vulnerability is due to improper validation in the /admin/extensions/upload.php component. An attacker can exploit this vulnerability to execute arbitrary code on the server.

References

github.com/nukeviet/nukeviet/commit/60f9fc206344bcab02c72622760ec6e1e25154c4

mat4mee.notion.site/Module-upload-in-nukeViet-leads-to-RCE-01ff3ff4c80d402d8c7c8a2b15a24c33

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

AI Score

7.8

Confidence

High

JSON

Related for VERACODE:47588