THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-c9xg-64p9-f2jj (high) — NukeViet: Path Traversal to Arbitrary File Deletion in Edit Comment Function

[GHSA] GHSA-c9xg-64p9-f2jj (high) — NukeViet: Path Traversal to Arbitrary File Deletion in Edit Comment Function

medgithub_advisoriesPublished 2026-07-13

GHSA-c9xg-64p9-f2jj Severity: high CVE: CVE-2026-54065

NukeViet: Path Traversal to Arbitrary File Deletion in Edit Comment Function

## Summary

Path Traversal to Arbitrary File Deletion in the Edit Comment admin function. An authenticated administrator can delete arbitrary files within the application root (e.g., `config.php`) by injecting a crafted `attach` parameter, rendering the application

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://github.com/advisories/GHSA-c9xg-64p9-f2jj