Product
An unauthenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in NukeViet by spoofing the X-Forwarded-Host and X-Forwarded-Proto HTTP headers, allowing the server to make a cURL request to an attacker-controlled host without validation for internal host/port discovery and cache poisoning. The vulnerability affects NukeViet versions prior to 4.6.00.