exploitDog

CVE-2014-9574

Опубликовано: 03 фев. 2015

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/100506
https://fluxbb.org/forums/viewtopic.php?id=8203
Vendor Advisory
https://www.htbridge.com/advisory/HTB23246
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/100506
https://fluxbb.org/forums/viewtopic.php?id=8203
Vendor Advisory
https://www.htbridge.com/advisory/HTB23246
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fluxbb:fluxbb:*:*:*:*:*:*:*:*

Версия до 1.5.7 (включая)

EPSS

Процентиль: 75%

0.00914

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-j69m-4pr5-vvwg

github

больше 3 лет назад

Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.

EPSS

Процентиль: 75%

0.00914

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-22