Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2014-10029

SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.

Published: Jan 13, 2015
Updated: Nov 9, 2025
CVE: CVE-2014-10029
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
fluxbb / fluxbb	1.5.1	1.5.1.x
fluxbb / fluxbb	1.5.4	1.5.4.x
fluxbb / fluxbb	1.5.6	1.5.6.x
fluxbb / fluxbb	1.5.2	1.5.2.x
fluxbb / fluxbb	1.5.0	1.5.0.x
fluxbb / fluxbb	-	1.4.11.x
fluxbb / fluxbb	1.5.3	1.5.3.x
fluxbb / fluxbb	1.5.5	1.5.5.x

http://fluxbb.org/forums/viewtopic.php?id=8001
http://packetstormsecurity.com/files/129225/FluxBB-1.5.6-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Nov/73
http://secunia.com/advisories/59038
https://exchange.xforce.ibmcloud.com/vulnerabilities/98890
https://fluxbb.org/development/core/tickets/990/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo