Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9574

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2014-9574
Last Modified 03 Feb 2015 10:43:05
Published 03 Feb 2015 11:59:08
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-9574

Summary

Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.

Vulnerable Systems

Application

  • Fluxbb 1.5.7


References

MISC - https://www.htbridge.com/advisory/HTB23246

CONFIRM - https://fluxbb.org/forums/viewtopic.php?id=8203

XF - fluxbb-cve20149574-file-include(100506)


Last Updated: 27 May 2016 11:07:41