Vulnerabilities > Nexusphp Project

DATE CVE VULNERABILITY TITLE RISK
2017-08-17 CVE-2017-12909 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
network
low complexity
nexusphp-project CWE-89
critical
9.8
2017-08-17 CVE-2017-12908 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.
network
low complexity
nexusphp-project CWE-89
critical
9.8
2017-08-17 CVE-2017-12907 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
network
low complexity
nexusphp-project CWE-79
6.1
2017-08-10 CVE-2017-12798 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.
network
low complexity
nexusphp-project CWE-79
6.1
2017-08-09 CVE-2017-12777 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.
network
low complexity
nexusphp-project CWE-79
6.1
2017-08-07 CVE-2017-12655 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action.
network
low complexity
nexusphp-project CWE-79
6.1