Skip to main content

Nexusphp

23 CVEs product

Monthly

CVE-2017-15305 MEDIUM POC This Month

XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-12792 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF PHP Nexusphp
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2017-14534 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14512 CRITICAL POC Act Now

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14347 MEDIUM POC This Month

NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12906 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12838 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nexusphp
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-14076 CRITICAL POC Act Now

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14070 MEDIUM This Month

Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nexusphp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14069 CRITICAL POC Act Now

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-13669 CRITICAL POC Act Now

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-12679 CRITICAL POC Act Now

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-12981 CRITICAL POC Act Now

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-12776 CRITICAL POC Act Now

SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-12680 MEDIUM POC This Month

Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12910 CRITICAL POC Act Now

SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-12909 CRITICAL POC Act Now

SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-12908 CRITICAL POC Act Now

SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-12907 MEDIUM POC This Month

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12798 MEDIUM POC This Month

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12777 MEDIUM This Month

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nexusphp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12655 MEDIUM POC This Month

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11651 MEDIUM POC This Month

NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nexusphp
NVD
CVSS 3.1
6.1
EPSS
0.2%
EPSS 0% CVSS 6.1
MEDIUM POC This Month

XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF PHP +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nexusphp
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nexusphp
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nexusphp
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nexusphp
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy