Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1471


Vulnerability Score 4.6 4.6
CVE Id CVE-2001-1471
Last Modified 10 Sep 2008 03:10:34
Published 31 Jul 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE



prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.

Vulnerable Systems


  • Phpbb Group Phpbb 1.0.0

  • Phpbb Group Phpbb 1.2.0

  • Phpbb Group Phpbb 1.2.1

  • Phpbb Group Phpbb 1.4.0


CERT-VN - VU#920931

BID - 3167

XF - phpbb-admin-access(6944)

BUGTRAQ - 20010804 Re: phpBB 1.4.0 bug leads to easy admin privileges

BUGTRAQ - 20010810 Easily and Remotely Pipe a Covert Shell on phpBB version 1.4.0 and below

Last Updated: 27 May 2016 10:36:40