← back
CVE-2001-1471

CVE-2001-1471

EPSS 7.7%
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/21065unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://archives.neohapsis.com/archives/bugtraq/2001-08/0123.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/6944http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-08/0087.htmlhttp://www.kb.cert.org/vuls/id/920931http://www.securityfocus.com/bid/3167