1.4.1

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

phpbb-group

exploit available

NVD

Published: 2001-08-03

Updated: 2017-07-11

Summary

SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.

Vulnerable Configurations

Part	Description	Count
Application	Phpbb_Group Phpbb Group Phpbb 1.4.0 Phpbb Group Phpbb 1.4.1	2

Exploit-Db

description	phpBB 1.4 Remote SQL Query Manipulation Vulnerability. CVE-2001-1472. Webapps exploit for php platform
id	EDB-ID:21046
last seen	2016-02-02
modified	2001-08-03
published	2001-08-03
reporter	kill-9
source	https://www.exploit-db.com/download/21046/
title	phpBB 1.4 - Remote SQL Query Manipulation Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References