{"id":"CVE-2024-36531","details":"nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component.","modified":"2026-04-10T05:21:09.706530Z","published":"2024-06-10T15:15:52.550Z","references":[{"type":"EVIDENCE","url":"https://mat4mee.notion.site/Module-upload-in-nukeViet-leads-to-RCE-01ff3ff4c80d402d8c7c8a2b15a24c33"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nukeviet/egovernment","events":[{"introduced":"0"},{"last_affected":"09875af2997caa7d02d42569f0ed83fd0ca25c45"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.2.02"}]}},{"type":"GIT","repo":"https://github.com/nukeviet/nukeviet","events":[{"introduced":"0"},{"last_affected":"fdf0e407808a6d96704bb1799e9bc9474de97514"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.5.05"}]}}],"versions":["1.0.00","1.0.01","1.0.02","1.0.03","1.0.04","1.0.05","1.1.00","1.1.02","1.2.00","1.2.01","1.2.02","3.0.05","3.0.06","3.0.07","3.0.08","3.0.12","3.1","3.1.00","3.1.01","3.1.02","3.1.03","3.2.00","3.3","3.4.02","4.0.00","4.0.01","4.0.02","4.0.03","4.0.05","4.0.06","4.0.07","4.0.09","4.0.10","4.0.11","4.0.12","4.0.13","4.0.14","4.0.15","4.0.16","4.0.17","4.0.18","4.0.21","4.0.22","4.0.26","4.1.01","4.1.02","4.2.02","4.3.00","4.3.02","4.3.03","4.3.04","4.3.05","4.3.06","4.3.07","4.3.08","4.4.00","4.4.01","4.4.02","4.5.00","4.5.01","4.5.02","4.5.03","4.5.04","4.5.05"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36531.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L"}]}