Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/100506https://www.htbridge.com/advisory/HTB23246https://fluxbb.org/forums/viewtopic.php?id=8203
