Security Advisory

CVE-2019-7725

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-12-31 04:19:46

Last updated 2024-08-04 20:54:28

Assigner mitre

State PUBLISHED

Description

includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHPs serialization format when JSON can be used to eliminate the risk).

← Browse all CVEs View on cve.org ↗