Vulnerabilities > Nexusphp

DATE CVE VULNERABILITY TITLE RISK
2023-01-19 CVE-2022-46887 SQL Injection vulnerability in Nexusphp 1.5
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php.
network
low complexity
nexusphp CWE-89
critical
9.8
2023-01-19 CVE-2022-46888 Cross-site Scripting vulnerability in Nexusphp 1.5
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php.
network
low complexity
nexusphp CWE-79
6.1
2023-01-19 CVE-2022-46889 Cross-site Scripting vulnerability in Nexusphp 1.5
A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php.
network
low complexity
nexusphp CWE-79
5.4
2023-01-19 CVE-2022-46890 Unspecified vulnerability in Nexusphp 1.5
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page).
network
low complexity
nexusphp
4.3
2022-03-30 CVE-2020-24769 SQL Injection vulnerability in Nexusphp 1.5
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.
network
low complexity
nexusphp CWE-89
critical
9.8
2022-03-30 CVE-2020-24770 SQL Injection vulnerability in Nexusphp 1.5
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
nexusphp CWE-89
critical
9.8
2022-03-30 CVE-2020-24771 Incorrect Authorization vulnerability in Nexusphp 1.5
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.
network
low complexity
nexusphp CWE-863
7.5
2017-08-31 CVE-2017-14076 SQL Injection vulnerability in Nexusphp 1.5
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.
network
low complexity
nexusphp CWE-89
critical
9.8
2017-08-31 CVE-2017-14070 Cross-site Scripting vulnerability in Nexusphp 1.5
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF.
network
low complexity
nexusphp CWE-79
6.1
2017-08-31 CVE-2017-14069 SQL Injection vulnerability in Nexusphp 1.5
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
network
low complexity
nexusphp CWE-89
critical
9.8