CVE-2014-10029

FluxBB < 1.4.13 and 1.5.x < 1.5.7 - SQL Injection via req_new_email Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-10029. PoCs published by secthrowaway.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in FluxBB <= 1.5.6 by manipulating the email change functionality to reset a user's password. It uses a multi-stage approach involving SQL injection, SMTP interception, and password reset to achieve unauthorized access.

Description

SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.

Exploits (1)

exploitdb WORKING POC

by secthrowaway · pythonwebappsmultiple

https://www.exploit-db.com/exploits/45595

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in FluxBB <= 1.5.6 by manipulating the email change functionality to reset a user's password. It uses a multi-stage approach involving SQL injection, SMTP interception, and password reset to achieve unauthorized access.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: FluxBB <= 1.5.6

Auth required

Prerequisites: Valid user credentials · Access to the target's SMTP server · Network reachability for SMTP interception

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Core References

Vendor Advisory x_refsource_confirm

http://fluxbb.org/forums/viewtopic.php?id=8001

Exploit x_refsource_misc

http://packetstormsecurity.com/files/129225/FluxBB-1.5.6-SQL-Injection.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/59038

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Nov/73

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/98890

Vendor Advisory x_refsource_confirm

https://fluxbb.org/development/core/tickets/990/

Scores

EPSS 0.0257

EPSS Percentile 83.2%

Details

CWE

CWE-89

Status published

Products (8)

fluxbb/fluxbb 1.5.0

fluxbb/fluxbb 1.5.1

fluxbb/fluxbb 1.5.2

fluxbb/fluxbb 1.5.3

fluxbb/fluxbb 1.5.4

fluxbb/fluxbb 1.5.5

fluxbb/fluxbb 1.5.6

fluxbb/fluxbb < 1.4.11

Published Jan 13, 2015

Tracked Since Feb 18, 2026