CVE-2019-7725

Name of the Vulnerable Software and Affected Versions NukeViet versions prior to 4.3.04

Description The issue arises from the deserialization of the untrusted nvloginhash cookie in the includes/core/is user.php file. This is problematic because the code relies on PHP's serialization format, which poses a risk that could be mitigated by using JSON instead.

Recommendations For versions prior to 4.3.04, update to version 4.3.04 or later to resolve the issue. As a temporary workaround, consider restricting access to the includes/core/is user.php file or disabling the deserialization of the nvloginhash cookie until a patch is applied.