Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1472

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2001-1472
Last Modified 05 Sep 2008 04:26:39
Published 03 Aug 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1472

Summary

SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.

Vulnerable Systems

Application

  • Phpbb Group Phpbb 1.4.0

  • Phpbb Group Phpbb 1.4.1


References

CERT-VN - VU#314347

XF - phpbb-admin-access(6944)

BID - 3142

BUGTRAQ - 20010803 phpBB 1.4.0 bug leads to easy admin privileges


Last Updated: 27 May 2016 10:36:41