CVE-2001-1472 - OpenCVE

SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Phpbb Group	Phpbb

Configuration 1 [-]

OR	cpe:2.3:a:phpbb_group:phpbb:1.4.0:::::::*
	cpe:2.3:a:phpbb_group:phpbb:1.4.1:::::::*

References

Link	Resource
http://www.kb.cert.org/vuls/id/314347	US Government Resource
http://www.securityfocus.com/archive/1/201715	Exploit
http://www.securityfocus.com/bid/3142	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/6944

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-04-21T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-04-21T00:00:00

Link: CVE-2001-1472

JSON object: View

NVD Information

Status : Modified

Published: 2001-08-03T04:00:00.000

Modified: 2017-07-11T01:29:09.087

Link: CVE-2001-1472

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-08-03T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20010803 phpBB 1.4.0 bug leads to easy admin privileges", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/201715"}, {"name": "3142", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3142"}, {"name": "phpbb-admin-access(6944)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6944"}, {"name": "VU#314347", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/314347"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1472", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20010803 phpBB 1.4.0 bug leads to easy admin privileges", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/201715"}, {"name": "3142", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3142"}, {"name": "phpbb-admin-access(6944)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6944"}, {"name": "VU#314347", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/314347"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1472", "datePublished": "2005-04-21T04:00:00", "dateReserved": "2005-04-21T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}