254 matches found
CVE-2017-12907
Cross-Site Scripting XSS exists in NexusPHP version v1.5 via the url path to usersearch.php...
CVE-2017-12910
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter...
CVE-2017-12908
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter...
Cross site scripting
Cross-Site Scripting XSS exists in NexusPHP version v1.5 via the url path to usersearch.php...
Sql injection
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter...
Sql injection
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter...
CVE-2017-12909
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter...
CVE-2017-12910
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter...
CVE-2017-12907
Cross-Site Scripting XSS exists in NexusPHP version v1.5 via the url path to usersearch.php...
CVE-2017-12908
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter...
CVE-2017-12907
Cross-Site Scripting XSS exists in NexusPHP version v1.5 via the url path to usersearch.php...
CVE-2017-12908
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter...
CVE-2017-12909
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter...
CVE-2017-12910
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter...
CVE-2017-12910
CVE-2017-12910 is a SQL injection affecting NexusPHP 1.5, specifically in massmail.php where the or parameter enables remote execution of arbitrary SQL. The issue has been corroborated across multiple sources (NVD/CNVD/CVE listings). Root cause: unsafely constructed SQL via user-supplied input le...
CVE-2017-12907
The CVE-2017-12907 entry describes a Cross-Site Scripting (XSS) vulnerability in NexusPHP version 1.5 that is exploitable via the URL path to usersearch.php. The Connected documents corroborate NexusPHP 1.5 as affected, with the issue located in the usersearch.php path. There are no details here ...
CVE-2017-12908
NexusPHP 1.5 is affected by a SQL injection in takeconfirm.php via the conusr parameter. The root cause is an unsafe handling of input that allows remote attackers to execute arbitrary SQL commands. The CVE description and multiple connected sources confirm this vulnerability; however, the provid...
CVE-2017-12909
NexusPHP 1.5 is affected by a SQL injection in modtask.php via the userid parameter, allowing remote attackers to execute arbitrary SQL commands. This vulnerability is reported across multiple sources (e.g., CNVD-2017-22044, NVD CVE-2017-12909) and is exploitable remotely with no authentication r...
NexusPHP V1.5 suffers from SQL Injection Vulnerability
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A SQL injection vulnerability exists in NexusPHP v1.5, due to the program cheaterbox.php file fails to strictly filter the conusr parameter. Attackers can use this vulnerability to obtain...
NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-20933)
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in the searchsuggest.php file in NexusPHP version 1.5. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML with th...