CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

254 matches found

NVD•added 2017/09/07 1:29 p.m.•17 views

CVE-2017-12838

Cross-site request forgery CSRF vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that 1 send manas via a request to mybonus.php or 2 add administrators via unspecified vectors...

8.8CVSS8.8AI score0.0056EPSS

Exploits1References1

Cvelist•added 2017/09/07 1:0 p.m.•16 views

CVE-2017-12838

8.8AI score0.0056EPSS

Exploits1References1

Cvelist•added 2017/09/07 1:0 p.m.•21 views

CVE-2017-12906

Multiple cross-site scripting XSS vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 cheaters.php or 2 confirmresend.php...

6.1AI score0.00818EPSS

Exploits1References2

CVE•added 2017/09/07 1:0 p.m.•57 views

CVE-2017-12906

NexusPHP has documented cross-site scripting (XSS) vulnerabilities exploited via PATH_INFO to the endpoints cheaters.php and confirm_resend.php. The CVE entry CVE-2017-12906 references XSS impact on NexusPHP with an attack surface described as network-driven and requires no authentication (CVSSv3...

6.1CVSS6AI score0.00818EPSS

Exploits1References2Affected Software1

CVE•added 2017/09/07 1:0 p.m.•48 views

CVE-2017-12838

NexusPHP 1.5 is affected by a CSRF vulnerability (CVE-2017-12838) that allows remote attackers to hijack user authentication for requests targeting mybonus.php or to add administrator accounts. The issue is confirmed across multiple sources (NVD/CNVD/PRION entries) and is described as a cross‑sit...

8.8CVSS8.7AI score0.0056EPSS

Exploits1References1Affected Software1

CNVD•added 2017/09/07 12:0 a.m.•2 views

Cross-Site Scripting Vulnerability in NexusPHP V1.5

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.3AI score

Exploits0

Positive Technologies•added 2017/09/07 12:0 a.m.•4 views

PT-2017-12766 · Nexusphp · Nexusphp

Name of the Vulnerable Software and Affected Versions: NexusPHP affected versions not specified Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the...

6.1CVSS6.4AI score0.00818EPSS

Exploits1References4

CNVD•added 2017/09/01 12:0 a.m.•1 views

NexusPHP 'usernw' Parameter SQL Injection Vulnerability

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A SQL injection vulnerability exists in NexusPHP version 1.5.beta5.20120707. A remote attacker can exploit this vulnerability by sending the 'usernw' parameter to the nowarn.php file to execute...

9.8CVSS10AI score0.01191EPSS

Exploits1References1

CNVD•added 2017/09/01 12:0 a.m.•2 views

NexusPHP linksmanage.php file SQL injection vulnerability

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A SQL injection vulnerability exists in NexusPHP version 1.5.beta5.20120707. A remote attacker can exploit this vulnerability by sending the 'id' parameter to the linksmanage.php file to inject...

9.8CVSS9.8AI score0.01137EPSS

Exploits1References1

CNVD•added 2017/09/01 12:0 a.m.•3 views

NexusPHP ipsearch.php file cross-site scripting vulnerability

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5.beta5.20120707. A remote attacker can exploit this vulnerability by sending PATHINFO to the ipsearch.php file to obtain the...

6.1CVSS6.1AI score0.00649EPSS

Exploits0References1

OSV•added 2017/08/31 7:29 p.m.•3 views

CVE-2017-14076

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action...

9.8CVSS5.8AI score0.01137EPSS

Exploits1References1

Prion•added 2017/08/31 7:29 p.m.•16 views

Sql injection

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action...

7.5CVSS9.7AI score0.01137EPSS

Exploits1References1Affected Software1

NVD•added 2017/08/31 7:29 p.m.•21 views

CVE-2017-14076

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action...

9.8CVSS9.8AI score0.01137EPSS

Exploits1References1

Cvelist•added 2017/08/31 7:0 p.m.•27 views

CVE-2017-14076

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action...

9.9AI score0.01137EPSS

Exploits1References1

CVE•added 2017/08/31 7:0 p.m.•47 views

CVE-2017-14076

Summary of CVE-2017-14076 : A SQL injection exists in NexusPHP 1.5.beta5.20120707, exploitable via the id parameter to linksmanage.php in the editlink action. Affected component: NexusPHP (PHP-based resource sharing software). Root cause: unsafely concatenated user input in the linksmanage.php ed...

9.8CVSS9.7AI score0.01137EPSS

Exploits1References1Affected Software1

OSV•added 2017/08/31 6:29 p.m.•1 views

CVE-2017-14069

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php...

9.8CVSS5.8AI score

Exploits0References2

Prion•added 2017/08/31 6:29 p.m.•12 views

Sql injection

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php...

7.5CVSS9.7AI score0.01191EPSS

Exploits1References2Affected Software1