254 matches found
CVE-2022-46890
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum. This is caused by a lack of checks performed by the /forums.php?action=post page...
CVE-2022-46889
A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...
CVE-2022-46887
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php...
CVE-2022-46890
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum. This is caused by a lack of checks performed by the /forums.php?action=post page...
CVE-2022-46888
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q paramete...
NexusPHP Cross-Site Scripting Vulnerability
NexusPHP is a free and open source complete solution for building PT websites. NexusPHP has a security vulnerability that can be exploited by attackers to permanently inject arbitrary web scripts or HTML via the title parameter used in /subtitles.php...
NexusPHP SQL Injection Vulnerability
NexusPHP is a free and open source complete PT site building solution. Versions prior to NexusPHP 1.7.33 have a security vulnerability that allows remote attackers to execute arbitrary SQL commands via the conuser parameter in takeconfirm.php...
NexusPHP Cross-Site Scripting Vulnerability
NexusPHP is a free and open source complete PT website building solution. Versions prior to NexusPHP 1.7.33 contain a security vulnerability that allows remote attackers to inject arbitrary web scripts or HTML via the secret parameter in /login.php...
NexusPHP Security Vulnerability
NexusPHP is a free and open source complete PT site building solution. A security vulnerability exists in NexusPHP before 1.7.33, which is caused by a missing check executed on the /forums.php?action=post page...
CVE-2022-46887
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php...
PT-2023-15095 · Nexusphp · Nexusphp
Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33. Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to reflective cross-site scripting (XSS) attacks. This can be achieved by injecting malicious input int...
PT-2023-15094 · Nexusphp · Nexusphp
Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33. Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the conuser parameter in "takeconfirm.php", the delcheater parameter in "cheaterbox.php", or the user...
PT-2023-15096 · Nexusphp · Nexusphp
Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33. Description: A persistent cross-site scripting issue allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter used in the "/subtitles.php" API endpoint...
PT-2023-15097 · Nexusphp · Nexusphp
Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33. Description: The issue is caused by weak access control, allowing a remote authenticated user to edit any post in the forum. This is due to a lack of checks performed by the "forums.php?action=post" page,...
EUVD-2022-49668
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q paramete...
CVE-2022-46890
CVE-2022-46890 affects NexusPHP prior to 1.7.33. The issue is a weak access control on the forums.php?action=post endpoint, allowing a remote authenticated user to edit any forum post due to missing checks. Impact is limited to the documented behavior; no exploitation details are provided beyond ...
CVE-2022-46887
NexusPHP versions prior to 1.7.33 contain SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php, the delcheater parameter in cheaterbox.php, or the usernw parameter in nowarn.php. Impact is high (full confidentia...
CVE-2022-46888
CVE-2022-46888 concerns NexusPHP versions before 1.7.33 with multiple reflected XSS vulnerabilities. An attacker can inject arbitrary script/HTML via parameters in several endpoints: /login.php (secret), /user-ban-log.php (q), /log.php (query), /moresmiles.php (text), /myhr.php (q), and /viewrequ...
CVE-2022-46889
CVE-2022-46889 affects NexusPHP prior to 1.7.33, with a persistent XSS in the title parameter of /subtitles.php exploited by remote authenticated attackers to inject arbitrary script/HTML. The issue is mitigated by upgrading to version 1.7.33 or later (see PT-2023-15096). Exploitation status is n...
CVE-2022-46889
A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...