Hungnguyenmz

**Name of the Vulnerable Software and Affected Versions** NukeViet versions prior to 4.3.04 **Description** The issue arises from the deserialization of the untrusted `nvloginhash` cookie in the `includes/core/is user.php` file. This is problematic because the code relies on PHP's serialization format, which poses a risk that could be mitigated by using JSON instead. **Recommendations** For versions prior to 4.3.04, update to version 4.3.04 or later to resolve the issue. As a temporary workaround, consider restricting access to the `includes/core/is user.php` file or disabling the deserialization of the `nvloginhash` cookie until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** NukeViet versions prior to 4.3.04 **Description** The issue concerns a SQL INSERT statement in the click.php file within the modules/banners/funcs directory of NukeViet. This statement inserts raw header data from an HTTP request, including the Referer and User-Agent, into a database. **Recommendations** For versions prior to 4.3.04, update to version 4.3.04 or later to resolve the issue.