2 matches found
CVE-2017-12910
CVE-2017-12910 is a SQL injection affecting NexusPHP 1.5, specifically in massmail.php where the or parameter enables remote execution of arbitrary SQL. The issue has been corroborated across multiple sources (NVD/CNVD/CVE listings). Root cause: unsafely constructed SQL via user-supplied input le...
CVE-2017-12910
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter...