CVE-2014-10029

2015-01-1311:00:00

mitre

www.cve.org

AI Score

8.4

Confidence

Low

EPSS

0.007

Percentile

81.0%

JSON

SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.

References

fluxbb.org/forums/viewtopic.php?id=8001

packetstormsecurity.com/files/129225/FluxBB-1.5.6-SQL-Injection.html

seclists.org/fulldisclosure/2014/Nov/73

secunia.com/advisories/59038

exchange.xforce.ibmcloud.com/vulnerabilities/98890

fluxbb.org/development/core/tickets/990/