CVE-2001-1472

Опубликовано: 03 авг. 2001

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.

Ссылки

http://www.kb.cert.org/vuls/id/314347
US Government Resource
http://www.securityfocus.com/archive/1/201715
Exploit
http://www.securityfocus.com/bid/3142
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/6944
http://www.kb.cert.org/vuls/id/314347
US Government Resource
http://www.securityfocus.com/archive/1/201715
Exploit
http://www.securityfocus.com/bid/3142
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/6944

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00835

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2001-1472

debian

около 24 лет назад

SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allo ...

GHSA-3jqm-4487-ppp7

github

больше 3 лет назад