Back to search
CVE-2001-1471
Published: Apr 21, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20010804 Re: phpBB 1.4.0 bug leads to easy admin privileges
mailing-list
x_refsource_BUGTRAQ
20010810 Easily and Remotely Pipe a Covert Shell on phpBB version 1.4.0 and below
mailing-list
x_refsource_BUGTRAQ
phpbb-admin-access(6944)
vdb-entry
x_refsource_XF
VU#920931
third-party-advisory
x_refsource_CERT-VN
3167
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now