WEB APPLICATION VULNERABILITIES Standard & Premium

phpBB Improper Initialization Vulnerability (CVE-2001-1471)

Description

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.

Remediation

References

Related Vulnerabilities

WordPress Plugin Transposh WordPress Translation Cross-Site Scripting (0.8.3)

WordPress Plugin WP Login Security and History Cross-Site Request Forgery (1.0)

WordPress Plugin FunCaptcha-Anti-Spam CAPTCHA Multiple Cross-Site Scripting Vulnerabilities (0.4.3)

WordPress Plugin Easy Digital Downloads-Recent Purchases Remote File Inclusion (1.0.2)

WordPress Plugin Mailster-Email Newsletter for WordPress Local File Inclusion (4.0.6)

Severity

High

Classification

CVE-2001-1471 CWE-665 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities