CVE-2014-9574

FluxBB < 1.5.8 - Path Traversal via install_lang Parameter

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/100506
Vendor Advisory x_refsource_confirm
https://fluxbb.org/forums/viewtopic.php?id=8203

Scores

EPSS 0.0258
EPSS Percentile 83.3%

Details

CWE
CWE-22
Status published
Products (1)
fluxbb/fluxbb < 1.5.7
Published Feb 03, 2015
Tracked Since Feb 18, 2026