CVE-2020-13156

Name of the Vulnerable Software and Affected Versions NukeViet version 4.4

Description The issue allows for Cross-Site Request Forgery (CSRF) attacks, enabling an attacker to add a user account via the "admin/index.php?nv=users&op=user add" URI. This is possible due to a vulnerability in the "modulesusersadminadd user.php" file.

Recommendations For NukeViet version 4.4, consider implementing CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests. As a temporary workaround, restrict access to the "admin/index.php?nv=users&op=user add" URI to minimize the risk of exploitation.