Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-1472 — SQL Injection in Group Phpbb

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.8%

top 25.35%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpbb Group Phpbb

Timeline

PublishedAug 3

Latest updateApr 30

Description

SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDphpbb_group/phpbb1.4.0, 1.4.1+1

🔴Vulnerability Details

GHSA

GHSA-3jqm-4487-ppp7: SQL injection vulnerability in prefs↗2022-04-30

▶

💥Exploits & PoCs

Exploit-DB

phpBB 1.4 - SQL Query Manipulation↗2001-08-03

▶