254 matches found
CVE-2017-12981
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action...
CVE-2017-12981
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action...
CVE-2017-12981
CVE-2017-12981 affects NexusPHP 1.5.beta5.20120707 in forummanage.php. The vulnerability is an SQL Injection via the sort parameter used in an addforum action, as described in the CVE entry. The connected documents confirm the affected component and the injection vector but do not provide exploit...
NexusPHP cross-site scripting vulnerability (CNVD-2017-29454)
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
NexusPHP reports.php file SQL injection vulnerability
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A SQL injection vulnerability exists in the reports.php file in NexusPHP version 1.5. A remote attack can exploit this vulnerability to execute arbitrary SQL commands with the 'delreport'...
CVE-2017-12776
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter...
CVE-2017-12776
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter...
CVE-2017-12776
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter...
Sql injection
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter...
CVE-2017-12776
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter...
CVE-2017-12776
CVE-2017-12776 affects NexusPHP 1.5. The reports.php file’s delreport parameter is vulnerable to SQL injection, enabling remote attackers to execute arbitrary SQL commands. Documented impact is high (CVSS v2 base 7.5, v3 base 9.8). No remediation details are provided in the connected documents; e...
CVE-2017-12680
Cross-Site Scripting XSS exists in NexusPHP 1.5 via the type parameter to shoutbox.php...
Cross site scripting
Cross-Site Scripting XSS exists in NexusPHP 1.5 via the type parameter to shoutbox.php...
CVE-2017-12680
Cross-Site Scripting XSS exists in NexusPHP 1.5 via the type parameter to shoutbox.php...
CVE-2017-12680
Cross-Site Scripting XSS exists in NexusPHP 1.5 via the type parameter to shoutbox.php...
CVE-2017-12680
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. The description indicates the vulnerability arises from input handling for the type parameter, enabling script injection. Affected software is NexusPHP 1.5 (PHP-based resource sharing software). This CVE is ...
NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-220460)
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
NexusPHP SQL Injection Vulnerability (CNVD-2017-220447)
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A SQL injection vulnerability exists in the modtask.php file in NexusPHP version 1.5. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help of the...
Sql injection
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter...
CVE-2017-12909
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter...