Описание
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
Ссылки
- Broken Link
- Broken Link
- Third Party AdvisoryUS Government Resource
- Broken LinkExploitPatchThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Broken Link
- Broken Link
- Third Party AdvisoryUS Government Resource
- Broken LinkExploitPatchThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
EPSS
8.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
Связанные уязвимости
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
EPSS
8.8 High
CVSS3
4.6 Medium
CVSS2