Primary

Context

Vinades NukeViet Server-Side Request Forgery Vulnerability in Module Handler

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Vinades NukeViet versions prior to 4.5.06. The issue resides in the Module Handler, specifically within the file '/admin/index.php?language=en&nv=upload'. This vulnerability allows remote attackers to manipulate server requests, potentially accessing internal resources or services.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests to internal services or resources, bypassing network restrictions.

Reproduction

To reproduce this vulnerability, an account with 'Module Administrator' privileges is required. Once logged in, navigate to the 'upload' endpoint of the 'banners' module. Select the 'Remote upload' option and enter an internal URL pointing to a file, such as an archive or document. After uploading, the file will be accessible for download.

Added: Aug 9, 2025, 8:18 PM

Updated: Aug 9, 2025, 8:18 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

6.8

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

6.8

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vinades NukeViet Server-Side Request Forgery Vulnerability in Module Handler

Vulnerability

Impact

Reproduction

Affected Products

Vinades NukeViet

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating