CVE-2024-36528

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-36528

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36528.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-36528

Aliases

GHSA-mhj4-vrcv-x4xc

Published

2024-06-10T15:15:52Z

Modified

2025-09-16T04:59:40.736558Z

Summary

[none]

Details

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php.

References

https://mat4mee.notion.site/2-bug-chains-in-nukeViet-lead-to-RCE-bdd42b20b05a448fbe87c752b41bb15f

Affected packages

Git / github.com/nukeviet/nukeviet

Affected ranges

Type: GIT
Repo: https://github.com/nukeviet/nukeviet
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

fdf0e407808a6d96704bb1799e9bc9474de97514

Affected versions

3.*

3.0.05

3.0.06

3.0.07

3.0.08

3.0.12

3.1

3.1.00

3.1.01

3.1.02

3.1.03

3.2.00

3.3

3.4.02

4.*

4.0.00

4.0.01

4.0.02

4.0.03

4.0.05

4.0.06

4.0.07

4.0.09

4.0.10

4.0.11

4.0.12

4.0.13

4.0.14

4.0.15

4.0.16

4.0.17

4.0.18

4.0.21

4.0.22

4.0.23

4.0.24

4.0.25

4.0.26

4.0.27

4.0.28

4.0.29

4.1.01

4.1.02

4.2.02

4.2.03

4.3.00

4.3.01

4.3.02

4.3.03

4.3.04

4.3.05

4.3.06

4.3.07

4.3.08

4.4.00

4.4.01

4.4.02

4.5.00

4.5.01

4.5.02

4.5.03

4.5.04

4.5.05