CVE-2017-12792

MEDIUM

NexusPHP 1.5 - Cross-Site Request Forgery and Cross-Site Scripting via Linksmanage.php Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-12792. PoCs published by ZZS2017.

AI-analyzed exploit summary The repository contains only a README.md file with minimal content, lacking any exploit code or technical details for CVE-2017-12792. It appears to be a placeholder or incomplete submission.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php.

Exploits (1)

nomisec STUB

by ZZS2017 · poc

https://github.com/ZZS2017/cve-2017-12792

View Code ZIP pw:eip

The repository contains only a README.md file with minimal content, lacking any exploit code or technical details for CVE-2017-12792. It appears to be a placeholder or incomplete submission.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/UUUUnotfound/cve-2017-12792

Scores

CVSS v3 6.1

EPSS 0.0116

EPSS Percentile 79.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

nexusphp_project/nexusphp 1.5

Published Oct 03, 2017

Tracked Since Feb 18, 2026