CVE-2001-1471

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/07/2001
Last modified:
03/04/2025

Description

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:phpbb:phpbb:*:*:*:*:*:*:*:* 1.4.0 (including)