CVE-2022-46890
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-46890
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-46890.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-46890
- Published
- 2023-01-19T19:15:11.307Z
- Modified
- 2025-11-14T13:55:03.351227Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page).
- References
Affected packages
Git / github.com/xiaomlove/nexusphp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/xiaomlove/nexusphp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.5
v1.6.0
v1.6.0-beta1
v1.6.0-beta10
v1.6.0-beta11
v1.6.0-beta12
v1.6.0-beta13
v1.6.0-beta14
v1.6.0-beta2
v1.6.0-beta3
v1.6.0-beta4
v1.6.0-beta5
v1.6.0-beta6
v1.6.0-beta7
v1.6.0-beta8
v1.6.0-beta9
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.7.0
v1.7.1
v1.7.10
v1.7.11
v1.7.12
v1.7.13
v1.7.14
v1.7.15
v1.7.16
v1.7.17
v1.7.18
v1.7.19
v1.7.2
v1.7.20
v1.7.21
v1.7.22
v1.7.23
v1.7.24
v1.7.25
v1.7.26
v1.7.27
v1.7.28
v1.7.29
v1.7.3
v1.7.30
v1.7.31
v1.7.32
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9