Nexusphp Project Nexusphp — known CVE vulnerabilities
Every CVE whose affected-product data names Nexusphp Project Nexusphp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2017-12909 — CVSS 9.8 (critical): SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid…
CVE-2017-12910 — CVSS 9.8 (critical): SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.
CVE-2017-12776 — CVSS 9.8 (critical): SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport…
CVE-2017-14512 — CVSS 9.8 (critical): NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability…
CVE-2017-12908 — CVSS 9.8 (critical): SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr…
CVE-2017-12838 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests…
CVE-2017-14534 — CVSS 6.1 (medium): Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF.
CVE-2017-12655 — CVSS 6.1 (medium): Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action.
CVE-2017-12792 — CVSS 6.1 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of…
CVE-2017-12798 — CVSS 6.1 (medium): Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.
CVE-2017-12906 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the…