SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.

Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.

XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php.

Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php.

Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF.

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.

NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action.

Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php.

Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors.