Home/Product/nexusphp project nexusphp
Product

nexusphp project nexusphp

31 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2022-46890
< 1.7.33
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by
4.3MEDIUM
 CVE-2022-46889
< 1.7.33
A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanent
5.4MEDIUM
 CVE-2022-46888
< 1.7.33
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrar
6.1MEDIUM
 CVE-2022-46887
< 1.7.33
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the
9.8CRITICAL
 CVE-2020-24771
all versions
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.
7.5HIGH
 CVE-2020-24770
all versions
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id p
9.8CRITICAL
 CVE-2020-24769
all versions
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the c
9.8CRITICAL
 CVE-2017-15305
all versions
XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php.
6.1MEDIUM
 CVE-2017-12792
all versions
Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of
6.1MEDIUM
 CVE-2017-14534
all versions
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF.
6.1MEDIUM
 CVE-2017-14512
all versions
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulner
9.8CRITICAL
 CVE-2017-14347
all versions
NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action.
6.1MEDIUM
 CVE-2017-12906
all versions
Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via
6.1MEDIUM
 CVE-2017-12838
all versions
Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for
8.8HIGH
 CVE-2017-14076
all versions
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.
9.8CRITICAL
 CVE-2017-14070
all versions
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF.
6.1MEDIUM
 CVE-2017-14069
all versions
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
9.8CRITICAL
 CVE-2017-13669
all versions
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
9.8CRITICAL
 CVE-2017-12679
all versions
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
9.8CRITICAL
 CVE-2017-12981
all versions
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.
9.8CRITICAL
 CVE-2017-12776
all versions
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delre
9.8CRITICAL
 CVE-2017-12680
all versions
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.
6.1MEDIUM
 CVE-2017-12910
all versions
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or p
9.8CRITICAL
 CVE-2017-12909
all versions
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the useri
9.8CRITICAL
 CVE-2017-12908
all versions
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the c
9.8CRITICAL
 CVE-2017-12907
all versions
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
6.1MEDIUM
 CVE-2017-12798
all versions
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.
6.1MEDIUM
 CVE-2017-12777
all versions
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.
6.1MEDIUM
 CVE-2017-12655
all versions
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action.
6.1MEDIUM
 CVE-2017-11651
all versions
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
6.1MEDIUM
 CVE-2011-4026
all versions
SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id par
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Detection coverage workspace
Saved stacks
SIEM query builder
Detection rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Ransomware groups
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Detection coverage Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh