254 matches found
CVE-2017-14076
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action...
CVE-2017-14534
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF...
CVE-2017-15305
XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php...
SUSE CVE-2017-12792
Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php...
NexusPHP Cross-Site Scripting Vulnerability (CNVD-2023-05399)
NexusPHP is a free and open source complete PT website building solution. Versions prior to NexusPHP 1.7.33 contain a security vulnerability that allows remote attackers to inject arbitrary web scripts or HTML via the secret parameter in /login.php...
NexusPHP SQL Injection Vulnerability (CNVD-2023-05400)
NexusPHP is a free and open source complete PT site building solution. Versions prior to NexusPHP 1.7.33 have a security vulnerability that allows remote attackers to execute arbitrary SQL commands via the conuser parameter in takeconfirm.php...
NexusPHP Cross-Site Scripting Vulnerability (CNVD-2023-05398)
NexusPHP is a free and open source complete solution for building PT websites. NexusPHP has a security vulnerability that can be exploited by attackers to permanently inject arbitrary web scripts or HTML via the title parameter used in /subtitles.php...
CVE-2022-46890
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum; this is caused by a lack of checks performed by the /forums.php?action=post page...
CVE-2022-46889
A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...
CVE-2022-46887
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php...
CVE-2022-46888
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q paramete...
Cross site scripting
A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...
Cross site scripting
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q paramete...
SQL injection
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php...
Design/Logic Flaw
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum; this is caused by a lack of checks performed by the /forums.php?action=post page...
NexusPHP Security Vulnerability
NexusPHP is a free and open source complete PT site building solution. A security vulnerability exists in NexusPHP before 1.7.33, which is caused by a missing check executed on the /forums.php?action=post page...