Vulnerabilities (CVE)

Filtered by vendor Nexusphp
Filtered by product Nexusphp
Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-46888 1 Nexusphp 1 Nexusphp 2023-01-25 N/A 6.1 MEDIUM
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php.
CVE-2022-46887 1 Nexusphp 1 Nexusphp 2023-01-25 N/A 9.8 CRITICAL
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php.
CVE-2022-46889 1 Nexusphp 1 Nexusphp 2023-01-25 N/A 5.4 MEDIUM
A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php.
CVE-2022-46890 1 Nexusphp 1 Nexusphp 2023-01-25 N/A 4.3 MEDIUM
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page).
CVE-2020-24771 1 Nexusphp 1 Nexusphp 2022-11-07 5.0 MEDIUM 7.5 HIGH
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.
CVE-2020-24770 1 Nexusphp 1 Nexusphp 2022-04-05 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2020-24769 1 Nexusphp 1 Nexusphp 2022-04-05 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.
CVE-2017-11651 1 Nexusphp 1 Nexusphp 2020-03-03 4.3 MEDIUM 6.1 MEDIUM
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
CVE-2017-14069 1 Nexusphp 1 Nexusphp 2017-09-06 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
CVE-2017-14076 1 Nexusphp 1 Nexusphp 2017-09-05 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.
CVE-2017-14070 1 Nexusphp 1 Nexusphp 2017-09-05 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF.
CVE-2017-13669 1 Nexusphp 1 Nexusphp 2017-08-28 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
CVE-2017-12679 1 Nexusphp 1 Nexusphp 2017-08-28 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
CVE-2017-12981 1 Nexusphp 1 Nexusphp 2017-08-25 7.5 HIGH 9.8 CRITICAL
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.