Name | Description |
---|---|
CVE-2022-46890 | Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page). |
CVE-2022-46889 | A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php. |
CVE-2022-46888 | Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. |
CVE-2022-46887 | Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php. |
CVE-2020-24771 | Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content. |
CVE-2020-24770 | SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
CVE-2020-24769 | SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter. |
CVE-2017-15305 | XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. |
CVE-2017-14534 | Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF. |
CVE-2017-14512 | NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. |
CVE-2017-14347 | NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action. |
CVE-2017-14076 | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. |
CVE-2017-14070 | Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF. |
CVE-2017-14069 | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php. |
CVE-2017-13669 | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php. |
CVE-2017-12981 | NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. |
CVE-2017-12910 | SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter. |
CVE-2017-12909 | SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. |
CVE-2017-12908 | SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter. |
CVE-2017-12907 | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php. |
CVE-2017-12906 | Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. |
CVE-2017-12838 | Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors. |
CVE-2017-12798 | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php. |
CVE-2017-12792 | Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php. |
CVE-2017-12777 | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php. |
CVE-2017-12776 | SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. |
CVE-2017-12680 | Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. |
CVE-2017-12679 | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php. |
CVE-2017-12655 | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action. |
CVE-2017-11651 | NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag. |
CVE-2011-4026 | SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select “Other” from dropdown)
|
||