Vulnerability Details CVE-2014-9574
Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 84.0%
CVSS Severity
CVSS v2 Score 9.3
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100506
- https://fluxbb.org/forums/viewtopic.php?id=8203
- https://www.htbridge.com/advisory/HTB23246
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100506
- https://fluxbb.org/forums/viewtopic.php?id=8203
- https://www.htbridge.com/advisory/HTB23246
Products affected by CVE-2014-9574
-
cpe:2.3:a:fluxbb:fluxbb:1.2.18
-
cpe:2.3:a:fluxbb:fluxbb:1.2.19
-
cpe:2.3:a:fluxbb:fluxbb:1.2.20
-
cpe:2.3:a:fluxbb:fluxbb:1.2.21
-
cpe:2.3:a:fluxbb:fluxbb:1.2.22
-
cpe:2.3:a:fluxbb:fluxbb:1.2.23
-
cpe:2.3:a:fluxbb:fluxbb:1.2.24
-
cpe:2.3:a:fluxbb:fluxbb:1.3
-
cpe:2.3:a:fluxbb:fluxbb:1.4
-
cpe:2.3:a:fluxbb:fluxbb:1.4.0
-
cpe:2.3:a:fluxbb:fluxbb:1.4.1
-
cpe:2.3:a:fluxbb:fluxbb:1.4.10
-
cpe:2.3:a:fluxbb:fluxbb:1.4.11
-
cpe:2.3:a:fluxbb:fluxbb:1.4.12
-
cpe:2.3:a:fluxbb:fluxbb:1.4.13
-
cpe:2.3:a:fluxbb:fluxbb:1.4.2
-
cpe:2.3:a:fluxbb:fluxbb:1.4.3
-
cpe:2.3:a:fluxbb:fluxbb:1.4.4
-
cpe:2.3:a:fluxbb:fluxbb:1.4.5
-
cpe:2.3:a:fluxbb:fluxbb:1.4.6
-
cpe:2.3:a:fluxbb:fluxbb:1.4.7
-
cpe:2.3:a:fluxbb:fluxbb:1.4.8
-
cpe:2.3:a:fluxbb:fluxbb:1.4.9
-
cpe:2.3:a:fluxbb:fluxbb:1.5.0
-
cpe:2.3:a:fluxbb:fluxbb:1.5.1
-
cpe:2.3:a:fluxbb:fluxbb:1.5.2
-
cpe:2.3:a:fluxbb:fluxbb:1.5.3
-
cpe:2.3:a:fluxbb:fluxbb:1.5.4
-
cpe:2.3:a:fluxbb:fluxbb:1.5.5
-
cpe:2.3:a:fluxbb:fluxbb:1.5.6
-
cpe:2.3:a:fluxbb:fluxbb:1.5.7