CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-36528

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.6%

CVSS Severity

CVSS v3 Score 8.8

References

https://mat4mee.notion.site/2-bug-chains-in-nukeViet-lead-to-RCE-bdd42b20b05a448fbe87c752b41bb15f
https://mat4mee.notion.site/2-bug-chains-in-nukeViet-lead-to-RCE-bdd42b20b05a448fbe87c752b41bb15f

Products affected by CVE-2024-36528

Nukeviet » Nukeviet » Version: Any

cpe:2.3:a:nukeviet:nukeviet:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-36528

Products

Pricing

Contact Us