[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-10029Date: (C)2015-01-14   (M)2023-12-22


SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://seclists.org/fulldisclosure/2014/Nov/73
SECUNIA-59038
fluxbb-profile-sql-injection(98890)
http://fluxbb.org/forums/viewtopic.php?id=8001
http://packetstormsecurity.com/files/129225/FluxBB-1.5.6-SQL-Injection.html
https://fluxbb.org/development/core/tickets/990/

CPE    7
cpe:/a:fluxbb:fluxbb:1.5.5
cpe:/a:fluxbb:fluxbb:1.5.4
cpe:/a:fluxbb:fluxbb:1.5.6
cpe:/a:fluxbb:fluxbb:1.5.1
...
CWE    1
CWE-89

© SecPod Technologies