Description

SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.

Remediation

References

CVE-2014-10029

Related Vulnerabilities

WordPress Plugin Shield Security-Smart Bot Blocking & Intrusion Prevention Security Cross-Site Scripting (18.5.7)

Oracle Database Server CVE-2011-2238 Vulnerability (CVE-2011-2238)

WordPress Plugin N-Media Website Contact Form with File Upload Arbitrary File Upload (1.3.4)

WordPress Plugin ARForms:Wordpress Form Builder Arbitrary File Deletion (3.5.1)

Apache Tomcat Improper Authentication Vulnerability (CVE-2013-2067)

Severity

High

Classification

CVE-2014-10029 CWE-138

Tags

Missing Update Known Vulnerabilities