CVE-2019-7726

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-7726

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7726.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-7726

Aliases

GHSA-q4qv-fmwc-qxpx

Published

2020-12-31T05:15:10.700Z

Modified

2026-04-10T04:28:55.808497Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).

References

Affected packages

Git / github.com/nukeviet/nukeviet

Affected ranges

Type

GIT

Repo

https://github.com/nukeviet/nukeviet

Events

Introduced

Fixed

108aafb03fe1ea3a747d4c96a3aa9486d3bf16b6

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.3.04"
        }
    ]
}

Affected versions

3.*

3.0.05

3.0.06

3.0.07

3.0.08

3.0.12

3.1

3.1.00

3.1.01

3.1.02

3.1.03

3.2.00

3.3

3.4.02

4.*

4.0.00

4.0.01

4.0.02

4.0.03

4.0.05

4.0.06

4.0.07

4.0.09

4.0.10

4.0.11

4.0.12

4.0.13

4.0.14

4.0.15

4.0.16

4.0.17

4.0.18

4.0.21

4.0.22

4.0.26

4.1.01

4.1.02

4.2.02

4.3.00

4.3.02

4.3.03

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7726.json"