Vulnerability Description
modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nukeviet | Nukeviet | < 4.3.04 |
Related Weaknesses (CWE)
References
- https://github.com/nukeviet/nukeviet/blob/4.3.04/CHANGELOG.txtRelease NotesThird Party Advisory
- https://github.com/nukeviet/nukeviet/blob/nukeviet4.3/CHANGELOG.txtRelease NotesThird Party Advisory
- https://github.com/nukeviet/nukeviet/compare/4.3.03...4.3.04Release NotesThird Party Advisory
- https://github.com/nukeviet/nukeviet/pull/2740/commits/05dfb9b4531f12944fe39556fPatchThird Party Advisory
- https://github.com/nukeviet/nukeviet/blob/4.3.04/CHANGELOG.txtRelease NotesThird Party Advisory
- https://github.com/nukeviet/nukeviet/blob/nukeviet4.3/CHANGELOG.txtRelease NotesThird Party Advisory
- https://github.com/nukeviet/nukeviet/compare/4.3.03...4.3.04Release NotesThird Party Advisory
- https://github.com/nukeviet/nukeviet/pull/2740/commits/05dfb9b4531f12944fe39556fPatchThird Party Advisory
FAQ
What is CVE-2019-7726?
CVE-2019-7726 is a vulnerability with a CVSS score of 9.8 (CRITICAL). modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).
How severe is CVE-2019-7726?
CVE-2019-7726 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-7726?
Check the references section above for vendor advisories and patch information. Affected products include: Nukeviet Nukeviet.