CVE-2020-21809

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-21809

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-21809.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-21809

Aliases

GHSA-m8jx-mxf9-2rpw

Published

2021-07-30T14:15:13.703Z

Modified

2026-04-10T04:24:48.445341Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) groupprice or groupid parameters in searchresult.php.

References

Affected packages

Git / github.com/nukeviet/module-shops

Affected ranges

Type: GIT
Repo: https://github.com/nukeviet/module-shops
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

742c0e0f74364f7250c2a69f0a957d4e6317be68

Type: GIT
Repo: https://github.com/nukeviet/module-shops
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

742c0e0f74364f7250c2a69f0a957d4e6317be68

Affected versions

4.*

4.0.08

4.0.09

4.0.10

4.0.12

4.0.13

4.0.14

4.0.15

4.0.18

4.0.25

4.0.29

4.3.00

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-21809.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "4.0.29"
            },
            {
                "last_affected": "4.3"
            }
        ]
    }
]