xiaomlove/nexusphp

xiaomlove/nexusphp

Releases102

Frequency2 weeks 5 days

Last Release about 2 months ago

Stars1.17K

A private tracker application base on NexusPHP

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-46889 ↗	Jan 19, 2023Thursday, 19 January 2023, 19:15	5.4 MEDIUM	—
A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php.
CVE-2022-46890 ↗	Jan 19, 2023Thursday, 19 January 2023, 19:15	4.3 MEDIUM	—
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page).
CVE-2022-46887 ↗	Jan 19, 2023Thursday, 19 January 2023, 19:15	9.8 CRITICAL	—
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php.
CVE-2022-46888 ↗	Jan 19, 2023Thursday, 19 January 2023, 19:15	6.1 MEDIUM	—
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php.