Focus on nexusphp vulnerabilities and metrics.
Last updated: 08 Mar 2025, 23:25 UTC
This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with nexusphp. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.
For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.
Total nexusphp CVEs: 14
Earliest CVE date: 26 Jul 2017, 08:29 UTC
Latest CVE date: 19 Jan 2023, 19:15 UTC
Latest CVE reference: CVE-2022-46890
30-day Count (Rolling): 0
365-day Count (Rolling): 0
Calendar-based Variation
Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.
Month Variation (Calendar): 0%
Year Variation (Calendar): 0%
Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%
Average CVSS: 4.72
Max CVSS: 7.5
Critical CVEs (≥9): 0
| Range | Count |
|---|---|
| 0.0-3.9 | 4 |
| 4.0-6.9 | 3 |
| 7.0-8.9 | 7 |
| 9.0-10.0 | 0 |
These are the five CVEs with the highest CVSS scores for nexusphp, sorted by severity first and recency.
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page).
A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php.
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php.
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php.
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF.
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.