CVE-2020-21809

Name of the Vulnerable Software and Affected Versions NukeViet CMS module Shops versions 4.0.29 through 4.3

Description The issue is related to a lack of protection against SQL query structure attacks. Exploitation of this issue may allow a remote attacker to execute arbitrary SQL code through the listid parameter in the "detail.php" script or the group price or groupid parameters in the "search result.php" script.

Recommendations For NukeViet 4.0 Official (4.0.29), download the update package corresponding to the NukeViet version you are using, extract and upload to hosting according to NukeViet's structure. For NukeViet 4.1 Official (4.1.02), download the update package corresponding to the NukeViet version you are using, extract and upload to hosting according to NukeViet's structure. For NukeViet 4.2 (4.2.01), download the update package corresponding to the NukeViet version you are using, extract and upload to hosting according to NukeViet's structure. For NukeViet 4.3, update according to the notice in the admin page.