CVE-2019-7725

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-7725

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7725.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-7725

Aliases

GHSA-32wr-8wxm-852c

Published

2020-12-31T05:15:10.577Z

Modified

2026-04-10T04:28:55.777723Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).

References

Affected packages

Git / github.com/nukeviet/nukeviet

Affected ranges

Type

GIT

Repo

https://github.com/nukeviet/nukeviet

Events

Introduced

Fixed

108aafb03fe1ea3a747d4c96a3aa9486d3bf16b6

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.3.04"
        }
    ]
}

Affected versions

3.*

3.0.05

3.0.06

3.0.07

3.0.08

3.0.12

3.1

3.1.00

3.1.01

3.1.02

3.1.03

3.2.00

3.3

3.4.02

4.*

4.0.00

4.0.01

4.0.02

4.0.03

4.0.05

4.0.06

4.0.07

4.0.09

4.0.10

4.0.11

4.0.12

4.0.13

4.0.14

4.0.15

4.0.16

4.0.17

4.0.18

4.0.21

4.0.22

4.0.26

4.1.01

4.1.02

4.2.02

4.3.00

4.3.02

4.3.03

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7725.json"