CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Multiple reflective cross-site scripting XSS vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q paramete...

6.1CVSS5.9AI score0.01543EPSS

Exploits1

RedhatCVE•added 2025/05/23 12:24 a.m.•6 views

CVE-2022-46890

Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum this is caused by a lack of checks performed by the /forums.php?action=post page...

4.3CVSS6.6AI score0.00635EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:24 a.m.•6 views

CVE-2022-46889

A persistent cross-site scripting XSS vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...

5.4CVSS5.2AI score0.60115EPSS

Exploits0

RedhatCVE•added 2025/05/23 12:24 a.m.•6 views

CVE-2022-46887

Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php...

9.8CVSS8.9AI score0.19374EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:21 p.m.•5 views

CVE-2020-24769

SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter...

9.8CVSS8.8AI score0.01932EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:21 p.m.•6 views

CVE-2020-24770

SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...

9.8CVSS8.8AI score0.02372EPSS

Exploits1