RSS   Vulnerabilities for 'Fluxbb'   RSS

2015-02-03
 
CVE-2014-9574

CWE-22
 

 
Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.

 
2015-01-13
 
CVE-2014-10030

CWE-Other
 

 
Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.

 
 
CVE-2014-10029

CWE-89
 

 
SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.

 


Copyright 2017, cxsecurity.com