Vulnerabilities > Nexusphp

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-19	CVE-2022-46887	SQL Injection vulnerability in Nexusphp 1.5 Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php. network low complexity nexusphp CWE-89 critical	9.8
2023-01-19	CVE-2022-46888	Cross-site Scripting vulnerability in Nexusphp 1.5 Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. network low complexity nexusphp CWE-79	6.1
2023-01-19	CVE-2022-46889	Cross-site Scripting vulnerability in Nexusphp 1.5 A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php. network low complexity nexusphp CWE-79	5.4
2023-01-19	CVE-2022-46890	Unspecified vulnerability in Nexusphp 1.5 Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page). network low complexity nexusphp	4.3
2022-03-30	CVE-2020-24769	SQL Injection vulnerability in Nexusphp 1.5 SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter. network low complexity nexusphp CWE-89 critical	9.8
2022-03-30	CVE-2020-24770	SQL Injection vulnerability in Nexusphp 1.5 SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. network low complexity nexusphp CWE-89 critical	9.8
2022-03-30	CVE-2020-24771	Incorrect Authorization vulnerability in Nexusphp 1.5 Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content. network low complexity nexusphp CWE-863	7.5
2017-08-31	CVE-2017-14076	SQL Injection vulnerability in Nexusphp 1.5 SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. network low complexity nexusphp CWE-89 critical	9.8
2017-08-31	CVE-2017-14070	Cross-site Scripting vulnerability in Nexusphp 1.5 Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF. network low complexity nexusphp CWE-79	6.1
2017-08-31	CVE-2017-14069	SQL Injection vulnerability in Nexusphp 1.5 SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php. network low complexity nexusphp CWE-89 critical	9.8

Vulnerabilities > Nexusphp {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Nexusphp"}]}

Vulnerabilities > Nexusphp