Nexusphp@1.5 Security Vulnerabilities and Issues — Nexusphp@1.5 CVE List

Lucene search

Nexusphp ProjectNexusphp1.5

16 matches found

CVE•added 2017/08/17 8:29 p.m.•48 views

CVE-2017-12908

SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.

9.8CVSS9.9AI score0.00487EPSS

CVE•added 2017/08/17 8:29 p.m.•46 views

CVE-2017-12909

SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.

9.8CVSS9.9AI score0.00487EPSS

CVE•added 2017/09/07 1:29 p.m.•45 views

CVE-2017-12906

Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php.

6.1CVSS6AI score0.00238EPSS

CVE•added 2017/08/10 6:29 p.m.•44 views

CVE-2017-12798

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2017/08/07 8:29 p.m.•43 views

CVE-2017-12655

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2017/08/18 4:29 p.m.•41 views

CVE-2017-12680

Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2017/09/07 1:29 p.m.•39 views

CVE-2017-12838

Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors.

8.8CVSS8.7AI score0.00123EPSS

CVE•added 2017/08/17 8:29 p.m.•39 views

CVE-2017-12910

SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.

9.8CVSS9.9AI score0.00487EPSS

CVE•added 2017/09/17 9:29 p.m.•39 views

CVE-2017-14512

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.

9.8CVSS9.9AI score0.0025EPSS

CVE•added 2017/10/03 1:29 a.m.•38 views

CVE-2017-12792

Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php.

6.1CVSS6.5AI score0.01533EPSS

CVE•added 2017/08/17 8:29 p.m.•38 views

CVE-2017-12907

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2017/10/15 3:29 a.m.•38 views

CVE-2017-15305

XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php.

6.1CVSS5.9AI score0.00235EPSS

CVE•added 2017/08/18 5:29 p.m.•37 views

CVE-2017-12776

SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.

9.8CVSS9.9AI score0.00487EPSS

CVE•added 2017/08/09 9:29 p.m.•36 views

CVE-2017-12777

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2017/09/12 7:29 p.m.•36 views

CVE-2017-14347

NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2017/09/18 4:29 a.m.•36 views

CVE-2017-14534

Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF.

6.1CVSS5.9AI score0.0024EPSS