CVE-2017-14347

Name of the Vulnerable Software and Affected Versions NexusPHP version 1.5.beta5.20120707

Description The issue concerns a problem where an attacker can execute malicious scripts. This is possible due to the lack of proper validation in the returnto parameter to "fun.php" in a delete action, allowing for malicious code execution.

Recommendations For NexusPHP version 1.5.beta5.20120707, avoid using the returnto parameter in the "fun.php" delete action until a fix is available. As a temporary workaround, consider restricting access to the "fun.php" endpoint to minimize the risk of exploitation.