
CVE-2020-13156: NukeViet Cross-Site Request Forgery (CSRF)

CVSS Score (v3.1): 6.5

Basic Information

EPSS Score: 0.31351%
Published: 5/24/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Package Name        Ecosystem   Vulnerable Versions   First Patched Version
nukeviet/nukeviet   composer    = 4.4

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from the absence of CSRF protection in the user creation functionality. The public exploit demonstrates a working CSRF attack using a simple HTML form, because the request is accepted without any anti-CSRF token. The file path modules/users/admin/add_user.php is explicitly referenced in both the CVE and GHSA descriptions as the vulnerable component. While the exact function name is not specified in public disclosures, the operation is triggered through the op=user_add parameter, indicating that the handler for this operation in add_user.php is the code that processes the unprotected request.
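The standard mitigation for this class of bug is a synchronizer token: a random per-session secret that the server embeds in its own forms and verifies on every state-changing request, so a form served from another origin cannot supply it. The following PHP is an added example written for this page, not NukeViet's own code; `issue_csrf_token`, `verify_csrf_token` and `create_user` are hypothetical names, and the form action only borrows the op=user_add parameter discussed above.

```php
<?php
// Added example (not NukeViet code): a minimal synchronizer-token check for an
// admin "add user" handler. All function names below are hypothetical.
declare(strict_types=1);

// Defence in depth: a SameSite session cookie is not sent on cross-site POSTs
// by modern browsers, independently of the token check (PHP 7.3+ API).
session_set_cookie_params([
    'samesite' => 'Lax',
    'httponly' => true,
    'secure'   => true,
]);
session_start();

// Generate the token once per session and keep it server-side.
function issue_csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so response timing does not leak the token.
function verify_csrf_token(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && $submitted !== null && hash_equals($expected, $submitted);
}

// Placeholder for the real persistence logic.
function create_user(string $username, string $email): void
{
    error_log("would create user {$username} <{$email}>");
}

// Handler: only POST requests carrying a valid token reach create_user().
if (($_GET['op'] ?? '') === 'user_add') {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('POST required');
    }
    if (!verify_csrf_token($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    create_user((string)($_POST['username'] ?? ''), (string)($_POST['email'] ?? ''));
    exit('user created');
}

// Rendering the form: the token travels as a hidden field that a cross-origin
// page cannot read or forge.
$token = htmlspecialchars(issue_csrf_token(), ENT_QUOTES, 'UTF-8');
echo <<<HTML
<form method="post" action="index.php?nv=users&amp;op=user_add">
  <input type="hidden" name="csrf_token" value="{$token}">
  <input name="username"> <input name="email">
  <button type="submit">Add user</button>
</form>
HTML;
```

The token check must run before any side effect, and the handler should refuse GET for state-changing operations so the action cannot be triggered by a plain link or image tag. The SameSite cookie attribute is a second, independent layer; it does not replace the token, since older clients and some cross-site navigations do not honour it.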


WAF Protection Rules

WAF Rule

`modules\users\admin\add_user.php` in NukeViet 4.4 allows CSRF to add a user account via the `admin/index.php?nv=users&op=user_add` URI.
