Vulnerabilities > CVE-2002-1481 - Unspecified vulnerability in PHPgb 1.10/1.20

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
phpgb
exploit available

Summary

savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.

Vulnerable Configurations

Part Description Count
Application
Phpgb
2

Exploit-Db

descriptionphpGB 1.1/1.2 PHP Code Injection Vulnerability. CVE-2002-1481. Webapps exploit for php platform
idEDB-ID:21783
last seen2016-02-02
modified2002-09-09
published2002-09-09
reporterppp-design
sourcehttps://www.exploit-db.com/download/21783/
titlephpGB 1.1/1.2 PHP Code Injection Vulnerability