CVE-2001-1471
published 2001-07-31CVE-2001-1471: prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the…
PriorityP433high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
7.70%
93.9th percentile
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpbb | phpbb | <= 1.4.0 | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
CWE
Improper Initialization
mitre_cwe
CWE-665 Improper Initialization
CWE-665: Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.
Modes of Introduction:
Phase: Implementation
Note: This weakness can occur in code paths that are not well-tested, such as rare error conditions. This is because the use of uninitialized data would be noticed as a bug during frequently-used functionality.
Phase: Operation
Common Consequences:
Scope: Confidentiality. Impact: Read Memory, Read Application Data. When reusing a resource such as memory or a program
CWE
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
mitre_cwe
CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Phase: Implementation
Note: This weakness is prevalent in handler/dispatch procedures that might want to invoke a large number of functions, or set a large number of variables.
Common Consequences:
Scope: Confidentiality. Impact: Read Files or Directories, Read Application Data. The injected code could access restricted data / files.
Scope: Access Control. Impact:
CWE
Improper Control of Generation of Code ('Code Injection')
mitre_cwe
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-94: Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Access Control. Impact: Bypass Protection Mechanism. In some cases, injectable code controls authentication; this may lead to a remote vulnerability.
Scope: Access Control. Impact: Gain Privileges or Assume Identity. Injected code can access resources that the attacker is directly prevented from ac
http://archives.neohapsis.com/archives/bugtraq/2001-08/0123.htmlhttp://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-08/0087.htmlhttp://www.kb.cert.org/vuls/id/920931http://www.securityfocus.com/bid/3167https://exchange.xforce.ibmcloud.com/vulnerabilities/6944http://archives.neohapsis.com/archives/bugtraq/2001-08/0123.htmlhttp://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-08/0087.htmlhttp://www.kb.cert.org/vuls/id/920931http://www.securityfocus.com/bid/3167https://exchange.xforce.ibmcloud.com/vulnerabilities/6944
2001-07-31
Published