includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-12-31T04:19:46

Updated: 2024-08-04T20:54:28.345Z

Reserved: 2019-02-11T00:00:00

Link: CVE-2019-7725

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-12-31T05:15:10.577

Modified: 2024-11-21T04:48:35.067

Link: CVE-2019-7725

cve-icon Redhat

No data.