Remote Code Execution Vulnerability in phpBB by PHP Group
CVE-2001-1471

8.8HIGH

Key Information:

Vendor

PHPbb Group

Status
PHPbb
Vendor
CVE Published:
31 July 2001

What is CVE-2001-1471?

The vulnerability found in phpBB versions 1.4.0 and earlier allows remote authenticated users to exploit an invalid language value in prefs.php. This flaw leads to improper initialization of critical variables, $l_statsblock and $l_privnotify, which can be manipulated by the user. Such manipulation gives attackers the opportunity to execute arbitrary PHP code, potentially compromising the integrity of the phpBB application and granting unauthorized administrative privileges.

References

http://www.derkeiler.com/Mailing-Lists/securityfocus/bugt...
mailing-listx_refsource_BUGTRAQ
http://archives.neohapsis.com/archives/bugtraq/2001-08/01...
mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/6944
vdb-entryx_refsource_XF

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.