SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| nukeviet/nukeviet(Packagist) | 4.0 | 4.0.29 | N/A |
| nukeviet/nukeviet(Packagist) | 4.1 | 4.1.02 | N/A |
| nukeviet/nukeviet(Packagist) | 4.2 | 4.2.01 | N/A |
| nukeviet/nukeviet(Packagist) | N/A | N/A | N/A |
CVSS Metrics
