CSRF Vulnerability in NukeViet 4.4 Allows Unauthorized Password Change

CVE-2020-13157 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed.
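One way to look for this in web server access logs, as an added example that is not part of the advisory or of NukeViet's code: it flags requests to the edit URI named above whose Referer is missing or points at another host. The Combined Log Format, the host name cms.example.test and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed Combined Log Format: ip - - [time] "METHOD target PROTO" status size "referer" ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

# Constructed sample lines (not real traffic); cms.example.test is a placeholder host.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2024:10:01:02 +0000] "GET /admin/index.php?nv=users&op=edit&userid=7 HTTP/1.1" 200 5120 "https://cms.example.test/admin/index.php?nv=users" "Mozilla/5.0"',
    '203.0.113.10 - - [01/Jan/2024:10:04:40 +0000] "POST /admin/index.php?nv=users&op=edit&userid=7 HTTP/1.1" 200 812 "https://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.5 - - [01/Jan/2024:10:05:00 +0000] "GET /index.php?nv=news HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

def classify(line, site_host):
    """Return None for unrelated lines, else a dict describing a user-edit request."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    qs = parse_qs(url.query)
    # URI from the advisory: admin/index.php?nv=users&op=edit&userid=
    if not url.path.endswith("/admin/index.php"):
        return None
    if qs.get("nv") != ["users"] or qs.get("op") != ["edit"] or "userid" not in qs:
        return None
    ref = m["referer"]
    ref_host = urlsplit(ref).hostname if ref not in ("", "-") else None
    if ref_host is None:
        origin = "no-referer"
    elif ref_host == site_host.lower():
        origin = "same-site"
    else:
        origin = "cross-site"
    # The advisory does not state the HTTP method, so it is recorded, not filtered on.
    return {"ip": m["ip"], "time": m["ts"], "method": m["method"],
            "userid": qs["userid"][0], "referer_host": ref_host, "origin": origin}

def suspicious(lines, site_host):
    """User-edit requests that did not originate from the site's own pages."""
    hits = (classify(line, site_host) for line in lines)
    return [h for h in hits if h and h["origin"] != "same-site"]

if __name__ == "__main__":
    for hit in suspicious(SAMPLE_LOG, "cms.example.test"):
        print(hit)
```

A missing Referer is reported rather than ignored because referrer policies can strip the header; treat those hits as leads to review, not as proof.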