PT-2017-13498 · Nexusphp · Nexusphp
Published
2017-09-17
·
Updated
2017-09-21
·
CVE-2017-14512
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NexusPHP version 1.5.beta5.20120707
Description
The issue is related to SQL Injection in the forummanage.php file via the
sort parameter in an editforum action.Recommendations
For NexusPHP version 1.5.beta5.20120707, avoid using the
sort parameter in the editforum action until a fix is available. As a temporary workaround, consider restricting access to the forummanage.php file to minimize the risk of exploitation.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nexusphp