CVE-2001-1471 — HIGH severity vulnerability (prefs.php in phpBB 1.4.0 and earlier allows remote authentic)
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval st
| CVE ID | CVE-2001-1471 |
|---|---|
| Severity | HIGH |
| CVSS score | 8.8 |
| CVSS vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CWE | CWE-665 |
| Status | Modified |
| Published | 2001-07-31 |
| Last modified | 2026-04-16 |
| Description | prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →