CVE-2024-36531

EUVD-2024-36145
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.7 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
nukevietegovernment
𝑥
≤ 1.2.02
nukevietnukeviet
𝑥
≤ 4.5.05
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
nukevietnukeviet
𝑥
≤ v.4.5
ADP
nukevietnukeviet
𝑥
≤ v.1.2.0.2
ADP
Common Weakness Enumeration
References
https://mat4mee.notion.site/Module-upload-in-nukeViet-leads-to-RCE-01ff3ff4c80d402d8c7c8a2b15a24c33
https://mat4mee.notion.site/Module-upload-in-nukeViet-leads-to-RCE-01ff3ff4c80d402d8c7c8a2b15a24c33