PT-2001-2562 · Phpbb · Phpbb
Published
2001-08-03
·
Updated
2017-07-11
·
CVE-2001-1472
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
phpBB versions 1.4.0 through 1.4.1
Description
The issue allows remote authenticated users to execute arbitrary SQL commands and gain administrative access. This is achieved via the
viewemail parameter in the prefs.php file.Recommendations
For phpBB versions 1.4.0 and 1.4.1, avoid using the
viewemail parameter in the prefs.php file until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phpbb