CVE-2001-1472

Name of the Vulnerable Software and Affected Versions phpBB versions 1.4.0 through 1.4.1

Description The issue allows remote authenticated users to execute arbitrary SQL commands and gain administrative access. This is achieved via the viewemail parameter in the prefs.php file.

Recommendations For phpBB versions 1.4.0 and 1.4.1, avoid using the viewemail parameter in the prefs.php file until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.