CVE Tools

nexusphp

Web & CMS Pluginsoss-project

10

Cumulative CVEs

2

Monthly snapshots

#61

Peak rank

Top products

Latest CVEs

The 14 most recently published vulnerabilities affecting nexusphp.

CVE-2022-46890Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page).4.3Jan 19, 2023
CVE-2022-46889A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used...5.4Jan 19, 2023
CVE-2022-46888Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q para...6.1Jan 19, 2023
CVE-2022-46887Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in...9.8Jan 19, 2023
CVE-2020-24769SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.9.8Mar 30, 2022
CVE-2020-24770SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.9.8Mar 30, 2022
CVE-2020-24771Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.7.5Mar 30, 2022
CVE-2017-14076SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.9.8Aug 31, 2017
CVE-2017-14070Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF.6.1Aug 31, 2017
CVE-2017-14069SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.9.8Aug 31, 2017
CVE-2017-13669SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.9.8Aug 24, 2017
CVE-2017-12679SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.9.8Aug 24, 2017
CVE-2017-12981NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.9.8Aug 21, 2017
CVE-2017-11651NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.6.1Jul 26, 2017