CVE-2001-1472

Published: Aug 3, 2001Modified: Apr 16, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.

Affected (2)

Products: Phpbb Group: Phpbb

Phpbb Group

1 product

Phpbb

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Phpbb Group Phpbb	Version 1.4.0
Phpbb Group Phpbb	Version 1.4.1

References (8)

http://www.kb.cert.org/vuls/id/314347

Source: cve@mitre.org

US Government Resource

http://www.securityfocus.com/archive/1/201715

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/3142

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/6944

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/314347

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/archive/1/201715

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/3142

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/6944

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.