GHSA-m8jx-mxf9-2rpw

Suggest an improvement
Source
https://github.com/advisories/GHSA-m8jx-mxf9-2rpw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m8jx-mxf9-2rpw/GHSA-m8jx-mxf9-2rpw.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m8jx-mxf9-2rpw
Aliases
Published
2022-05-24T19:09:25Z
Modified
2024-04-24T20:13:32.883170Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
NukeViet SQL Injection vulnerability
Details

SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) groupprice or groupid parameters in searchresult.php.

Fix Implementation:

Download the update package corresponding to the NukeViet version you are using, extract and upload to hosting according to NukeViet's structure: For NukeViet 4.0 Official (4.0.29) For NukeViet 4.1 Official (4.1.02) For NukeViet 4.2 (4.2.01) As for NukeViet 4.3, you can update according to the notice in the admin page or see here: https://nukeviet.vn/vi/news/Tin-tuc/thong-bao-phat-hanh-nukeviet-4- 3-08-613.html

References

Affected packages

Packagist / nukeviet/nukeviet

Package

Name
nukeviet/nukeviet
Purl
pkg:composer/nukeviet/nukeviet

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0
Fixed
4.0.29

Affected versions

4.*

4.0.24

Packagist / nukeviet/nukeviet

Package

Name
nukeviet/nukeviet
Purl
pkg:composer/nukeviet/nukeviet

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1
Fixed
4.1.02

Packagist / nukeviet/nukeviet

Package

Name
nukeviet/nukeviet
Purl
pkg:composer/nukeviet/nukeviet

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.2
Fixed
4.2.01

Packagist / nukeviet/nukeviet

Package

Name
nukeviet/nukeviet
Purl
pkg:composer/nukeviet/nukeviet

Affected ranges

Affected versions

4.*

4.3