CVE-2022-46887
- Source
- https://cve.org/CVERecord?id=CVE-2022-46887
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-46887.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-46887
- Published
- 2023-01-19T19:15:10.490Z
- Modified
- 2025-11-14T13:55:04.347486Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php.
- References
Affected packages
Git / github.com/xiaomlove/nexusphp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/xiaomlove/nexusphp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.5
v1.6.0
v1.6.0-beta1
v1.6.0-beta10
v1.6.0-beta11
v1.6.0-beta12
v1.6.0-beta13
v1.6.0-beta14
v1.6.0-beta2
v1.6.0-beta3
v1.6.0-beta4
v1.6.0-beta5
v1.6.0-beta6
v1.6.0-beta7
v1.6.0-beta8
v1.6.0-beta9
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.7.0
v1.7.1
v1.7.10
v1.7.11
v1.7.12
v1.7.13
v1.7.14
v1.7.15
v1.7.16
v1.7.17
v1.7.18
v1.7.19
v1.7.2
v1.7.20
v1.7.21
v1.7.22
v1.7.23
v1.7.24
v1.7.25
v1.7.26
v1.7.27
v1.7.28
v1.7.29
v1.7.3
v1.7.30
v1.7.31
v1.7.32
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9