16 matches found
CVE-2017-12908
NexusPHP 1.5 is affected by a SQL injection in takeconfirm.php via the conusr parameter. The root cause is an unsafe handling of input that allows remote attackers to execute arbitrary SQL commands. The CVE description and multiple connected sources confirm this vulnerability; however, the provid...
CVE-2017-12906
NexusPHP has documented cross-site scripting (XSS) vulnerabilities exploited via PATH_INFO to the endpoints cheaters.php and confirm_resend.php. The CVE entry CVE-2017-12906 references XSS impact on NexusPHP with an attack surface described as network-driven and requires no authentication (CVSSv3...
CVE-2017-12909
NexusPHP 1.5 is affected by a SQL injection in modtask.php via the userid parameter, allowing remote attackers to execute arbitrary SQL commands. This vulnerability is reported across multiple sources (e.g., CNVD-2017-22044, NVD CVE-2017-12909) and is exploitable remotely with no authentication r...
CVE-2017-12798
CVE-2017-12798 concerns a Cross-Site Scripting (XSS) vulnerability in NexusPHP version 1.5, exploitable via the q parameter to searchsuggest.php. The Red Hat, CNVD, NVD, and other connected records consistently describe a reflected/online XSS risk originating from unsanitized input in the q param...
CVE-2017-12655
NexusPHP 1.5 is affected by a Cross-Site Scripting (XSS) vulnerability in log.php, dailylog action, exploitable via the query parameter. The vulnerability allows injection of Web script/HTML and, per CVE data, has PII-impacting integrity (I) but no confidentiality or availability impacts reported...
CVE-2017-12680
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. The description indicates the vulnerability arises from input handling for the type parameter, enabling script injection. Affected software is NexusPHP 1.5 (PHP-based resource sharing software). This CVE is ...
CVE-2017-15305
The CVE-2017-15305 entry describes a cross-site scripting (XSS) vulnerability in NexusPHP 1.5 exploitable via the keyword parameter to messages.php. Multiple connected records (CNVD-2017-32401, RH:CVE-2017-15305, NVD/CVE-2017-15305, PRION/CVE-2017-15305, CVELIST/CVE-2017-15305) corroborate an XSS...
CVE-2017-12792
CVE-2017-12792 affects NexusPHP 1.5. Multiple CSRF vulnerabilities enable remote attackers to hijack administrator sessions by issuing requests that trigger XSS via the linkname, url, or title parameters in an add action to linksmanage.php. Root cause: CSRF in NexusPHP 1.5; impact stated as hijac...
CVE-2017-12838
NexusPHP 1.5 is affected by a CSRF vulnerability (CVE-2017-12838) that allows remote attackers to hijack user authentication for requests targeting mybonus.php or to add administrator accounts. The issue is confirmed across multiple sources (NVD/CNVD/PRION entries) and is described as a cross‑sit...
CVE-2017-12910
CVE-2017-12910 is a SQL injection affecting NexusPHP 1.5, specifically in massmail.php where the or parameter enables remote execution of arbitrary SQL. The issue has been corroborated across multiple sources (NVD/CNVD/CVE listings). Root cause: unsafely constructed SQL via user-supplied input le...
CVE-2017-14512
NexusPHP 1.5.beta5.20120707 is affected by SQL injection in forummanage.php. The vulnerability, associated with the sort parameter in forum-management actions (including addforum/editforum), allows remote data access. Public sources (CNVD/CNVD CNVD-2017-27285 and related CVE entries) describe the...
CVE-2017-14534
NVD and multiple public feeds confirm CVE-2017-14534 affects NexusPHP 1.5.beta5.20120707. The vulnerability is a Cross Site Scripting (XSS) flaw exploitable via PATH_INFO to location.php, related to PHP_SELF. Impact is limited to partial integrity impact with no confidentiality/availability effec...
CVE-2017-12777
CVE-2017-12777 is a confirmed Cross‑Site Scripting (XSS) vulnerability in NexusPHP v1.5. According to CNVD-2017-28416 and NVD details, a remote attacker can inject arbitrary web script or HTML by sending crafted parameters to the file usersearch.php, potentially affecting pages that render the vu...
CVE-2017-12776
CVE-2017-12776 affects NexusPHP 1.5. The reports.php file’s delreport parameter is vulnerable to SQL injection, enabling remote attackers to execute arbitrary SQL commands. Documented impact is high (CVSS v2 base 7.5, v3 base 9.8). No remediation details are provided in the connected documents; e...
CVE-2017-12907
The CVE-2017-12907 entry describes a Cross-Site Scripting (XSS) vulnerability in NexusPHP version 1.5 that is exploitable via the URL path to usersearch.php. The Connected documents corroborate NexusPHP 1.5 as affected, with the issue located in the usersearch.php path. There are no details here ...
CVE-2017-14347
NexusPHP 1.5.beta5.20120707 is affected by an XSS vulnerability in the returnto parameter of fun.php during a delete action. Descriptions in CVE records and CNVD/NVD references indicate the issue allows script injection in NexusPHP’s admin-facing flow, with CNVD noting potential to obtain the adm...