Vulnerability Details CVE-2001-1471
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 4.6
References
- http://archives.neohapsis.com/archives/bugtraq/2001-08/0123.html
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-08/0087.html
- http://www.kb.cert.org/vuls/id/920931
- http://www.securityfocus.com/bid/3167
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6944
- http://archives.neohapsis.com/archives/bugtraq/2001-08/0123.html
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-08/0087.html
- http://www.kb.cert.org/vuls/id/920931
- http://www.securityfocus.com/bid/3167
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6944