Moderate

CVE-2014-10030 - Unspecified vulnerability in Fluxbb

Publication: 2015-01-13

Summary

Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.

Risk level (CVSS 5.8)

Moderate

5.8

Access Vector

Network
Adjacent Network
Local

Access Complexity

Low
Medium
High

Authentication

None
Single
Multiple

Confident. Impact

Complete
Partial
None

Integrity Impact

Complete
Partial
None

Affected Products

Fluxbb Fluxbb 1.4.11
Fluxbb Fluxbb 1.5.0
Fluxbb Fluxbb 1.5.1
Fluxbb Fluxbb 1.5.2
Fluxbb Fluxbb 1.5.3
Fluxbb Fluxbb 1.5.4
Fluxbb Fluxbb 1.5.5
Fluxbb Fluxbb 1.5.6

References

http://fluxbb.org/forums/viewtopic.php?id=8001
https://fluxbb.org/development/core/tickets/961/