GHSA-m8jx-mxf9-2rpw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m8jx-mxf9-2rpw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m8jx-mxf9-2rpw/GHSA-m8jx-mxf9-2rpw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m8jx-mxf9-2rpw
- Aliases
- Published
- 2022-05-24T19:09:25Z
- Modified
- 2024-04-24T20:13:32.883170Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- NukeViet SQL Injection vulnerability
- Details
-
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) groupprice or groupid parameters in searchresult.php.
Fix Implementation:
Download the update package corresponding to the NukeViet version you are using, extract and upload to hosting according to NukeViet's structure: For NukeViet 4.0 Official (4.0.29) For NukeViet 4.1 Official (4.1.02) For NukeViet 4.2 (4.2.01) As for NukeViet 4.3, you can update according to the notice in the admin page or see here: https://nukeviet.vn/vi/news/Tin-tuc/thong-bao-phat-hanh-nukeviet-4- 3-08-613.html
- Database specific
{ "nvd_published_at": "2021-07-30T14:15:00Z", "cwe_ids": [ "CWE-89" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-04-24T19:55:46Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-21809
- https://github.com/nukeviet/module-shops/commit/742c0e0f74364f7250c2a69f0a957d4e6317be68
- https://github.com/nukeviet/nukeviet
- https://nukeviet.vn/vi/news/Tin-an-ninh/huong-dan-fix-loi-bao-mat-nukeviet-4-va-module-shops-612.html
- https://whitehub.net/submissions/1517
- https://whitehub.net/submissions/1518
Affected packages
Packagist / nukeviet/nukeviet
Package
- Name
- nukeviet/nukeviet
- Purl
- pkg:composer/nukeviet/nukeviet
Packagist / nukeviet/nukeviet
Package
- Name
- nukeviet/nukeviet
- Purl
- pkg:composer/nukeviet/nukeviet
Packagist / nukeviet/nukeviet
Package
- Name
- nukeviet/nukeviet
- Purl
- pkg:composer/nukeviet/nukeviet
Packagist / nukeviet/nukeviet
Package
- Name
- nukeviet/nukeviet
- Purl
- pkg:composer/nukeviet/nukeviet