CVE-2019-7726
CRITICAL WAF: High
CVSS 9.8
Published: 2020-12-31
CWE-89
modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| nukeviet | nukeviet | up to 4.3.04 |
References
- github.com (Release Notes, Third Party Advisory)
- github.com (Release Notes, Third Party Advisory)
- github.com (Release Notes, Third Party Advisory)
- github.com (Patch, Third Party Advisory)