← CVECheck
HomeVulnerabilities

CVE-2001-1471 — HIGH severity vulnerability (prefs.php in phpBB 1.4.0 and earlier allows remote authentic)

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval st

CVE IDCVE-2001-1471
SeverityHIGH
CVSS score8.8
CVSS vectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWECWE-665
StatusModified
Published2001-07-31
Last modified2026-04-16
Descriptionprefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →