3 matches found
SUSE CVE-2017-12792
Multiple cross-site request forgery CSRF vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 linkname, 2 url, or 3 title parameter in an add action to linksmanage.php...
CVE-2017-12792
Multiple cross-site request forgery CSRF vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 linkname, 2 url, or 3 title parameter in an add action to linksmanage.php...
NexusPHP linksmanage.php file SQL injection vulnerability
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A SQL injection vulnerability exists in NexusPHP version 1.5.beta5.20120707. A remote attacker can exploit this vulnerability by sending the 'id' parameter to the linksmanage.php file to inject...