9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-21809

GHSA ID

GHSA-m8jx-mxf9-2rpw

EPSS Score

0.75607%

CWE

CWE-89

Published

5/24/2022

Updated

4/24/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-21809

CVE-2020-21809: NukeViet SQL Injection vulnerability

SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.

Fix Implementation:

Download the update package corresponding to the NukeViet version you are using, extract and upload to hosting according to NukeViet's structure: For NukeViet 4.0 Official (4.0.29) For NukeViet 4.1 Official (4.1.02) For NukeViet 4.2 (4.2.01) As for NukeViet 4.3, you can update according to the notice in the admin page or see here: https://nukeviet.vn/vi/news/Tin-tuc/thong-bao-phat-hanh-nukeviet-4- 3-08-613.html

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-21809

GHSA ID

GHSA-m8jx-mxf9-2rpw

EPSS Score

0.75607%

CWE

CWE-89

Published

5/24/2022

Updated

4/24/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nukeviet/nukeviet	composer	>= 4.0, < 4.0.29	4.0.29
nukeviet/nukeviet	composer	>= 4.1, < 4.1.02	4.1.02
nukeviet/nukeviet	composer	>= 4.2, < 4.2.01	4.2.01
nukeviet/nukeviet	composer	= 4.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unsanitized user input being directly used in SQL queries. In detail.php, the listid parameter was split into an array but not validated as integers, enabling injection through crafted listid values. In search_result.php, group_price parameters were used to construct BETWEEN clauses without proper numeric validation. The commit diff shows both were fixed by enforcing integer conversion via array_map('intval'), confirming the lack of input sanitization was the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

SQL Inj**tion vuln*r**ility in Nuk*Vi*t *MS mo*ul* S*ops *.*.** *n* *.* vi* t** (*) listi* p*r*m*t*r in **t*il.p*p *n* t** (*) *roup_pri** or *roupi* p*r*m*t*rs in s**r**_r*sult.p*p. ### *ix Impl*m*nt*tion: *ownlo** t** up**t* p**k*** *orr*spon*in*

Reasoning

T** vuln*r**ility st*ms *rom uns*nitiz** us*r input **in* *ir**tly us** in SQL qu*ri*s. In **t*il.p*p, t** listi* p*r*m*t*r w*s split into *n *rr*y *ut not v*li**t** *s int***rs, *n**lin* inj**tion t*rou** *r**t** listi* v*lu*s. In s**r**_r*sult.p*p,

9.8

Basic Information

Concerned about an active attack path?

CVE-2020-21809: NukeViet SQL Injection vulnerability

Fix Implementation:

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI