Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2001-1471
Last Modified 10 Sep 2008 03:10:34
Published 31 Jul 2001 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1471

Summary

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.

Vulnerable Systems

Application

  • Phpbb Group Phpbb 1.0.0

  • Phpbb Group Phpbb 1.2.0

  • Phpbb Group Phpbb 1.2.1

  • Phpbb Group Phpbb 1.4.0


References

CERT-VN - VU#920931

BID - 3167

XF - phpbb-admin-access(6944)

BUGTRAQ - 20010804 Re: phpBB 1.4.0 bug leads to easy admin privileges

BUGTRAQ - 20010810 Easily and Remotely Pipe a Covert Shell on phpBB version 1.4.0 and below


Last Updated: 27 May 2016 10:36:40