CVE-2020-13157

Name of the Vulnerable Software and Affected Versions NukeViet version 4.4

Description The issue allows for a Cross-Site Request Forgery (CSRF) attack to change a user's password without needing the old password. This is achieved through the admin/index.php?nv=users&op=edit&userid= URI in the modulesusersadminedit.php file.

Recommendations For NukeViet version 4.4, consider implementing CSRF protection measures to prevent unauthorized password changes. As a temporary workaround, restrict access to the admin/index.php?nv=users&op=edit&userid= URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.