Описание
SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.
SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-10029
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98890
- https://fluxbb.org/development/core/tickets/990
- http://fluxbb.org/forums/viewtopic.php?id=8001
- http://packetstormsecurity.com/files/129225/FluxBB-1.5.6-SQL-Injection.html
- http://seclists.org/fulldisclosure/2014/Nov/73
- http://secunia.com/advisories/59038
Связанные уязвимости
nvd
около 11 лет назад
SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.