Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2014-10029
Last Modified 13 Jan 2015 07:31:48
Published 13 Jan 2015 06:59:35
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-10029

Summary

SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.

Vulnerable Systems

Application

  • Fluxbb 1.4.11

  • Fluxbb 1.5.0

  • Fluxbb 1.5.1

  • Fluxbb 1.5.2

  • Fluxbb 1.5.3

  • Fluxbb 1.5.4

  • Fluxbb 1.5.5

  • Fluxbb 1.5.6


References

CONFIRM - https://fluxbb.org/development/core/tickets/990/

XF - fluxbb-profile-sql-injection(98890)

SECUNIA - 59038

FULLDISC - 20141121 FluxBB <= 1.5.6 SQL Injection

MISC - http://packetstormsecurity.com/files/129225/FluxBB-1.5.6-SQL-Injection.html

CONFIRM - http://fluxbb.org/forums/viewtopic.php?id=8001


Last Updated: 27 May 2016 11:07:31