Vulnerabilities > CVE-2022-46890 - Unspecified vulnerability in Nexusphp 1.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
References
- https://github.com/xiaomlove/nexusphp/releases/tag/v1.7.33
- https://github.com/xiaomlove/nexusphp/releases/tag/v1.7.33
- https://www.surecloud.com/resources/blog/nexusphp-surecloud-security-review-identifies-authenticated-unauthenticated-vulnerabilities
- https://www.surecloud.com/resources/blog/nexusphp-surecloud-security-review-identifies-authenticated-unauthenticated-vulnerabilities