Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in...
9.8CVSS
10AI Score
0.001EPSS
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q...
6.1CVSS
6AI Score
0.001EPSS
A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in...
5.4CVSS
5AI Score
0.001EPSS
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post...
4.3CVSS
4.5AI Score
0.001EPSS
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes...
9.8CVSS
9.9AI Score
0.001EPSS
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published...
7.5CVSS
7.5AI Score
0.001EPSS
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id...
9.8CVSS
9.9AI Score
0.001EPSS
6.1CVSS
6.4AI Score
0.001EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to...
6.1CVSS
7.1AI Score
0.001EPSS
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to...
6.1CVSS
6.5AI Score
0.001EPSS
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than...
9.8CVSS
9.8AI Score
0.002EPSS
NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete...
6.1CVSS
6.4AI Score
0.001EPSS
Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified...
8.8CVSS
7.8AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2)...
6.1CVSS
6.3AI Score
0.001EPSS
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink...
9.8CVSS
8.7AI Score
0.002EPSS
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to...
6.1CVSS
6.5AI Score
0.001EPSS
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to...
9.8CVSS
8.7AI Score
0.002EPSS
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to...
9.8CVSS
8.7AI Score
0.002EPSS
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to...
9.8CVSS
8.7AI Score
0.002EPSS
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum...
9.8CVSS
9.8AI Score
0.002EPSS
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport...
9.8CVSS
9.3AI Score
0.002EPSS
6.1CVSS
6.4AI Score
0.001EPSS
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or...
9.8CVSS
9.3AI Score
0.002EPSS
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr...
9.8CVSS
9.3AI Score
0.002EPSS
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid...
9.8CVSS
9.3AI Score
0.002EPSS
6.1CVSS
6.4AI Score
0.001EPSS
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to...
6.1CVSS
6.4AI Score
0.001EPSS
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to...
6.1CVSS
6.4AI Score
0.001EPSS
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog...
6.1CVSS
6.3AI Score
0.001EPSS
6.1CVSS
6.2AI Score
0.001EPSS
SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id...
8.5AI Score
0.001EPSS