Description
Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/100506
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23246
Vendor Advisory x_refsource_confirm
https://fluxbb.org/forums/viewtopic.php?id=8203
Scores
EPSS
0.0258
EPSS Percentile
83.3%
Details
CWE
CWE-22
Status
published
Products (1)
fluxbb/fluxbb
< 1.5.7
Published
Feb 03, 2015
Tracked Since
Feb 18, 2026