CVE-2001-1472
phpBB 1.4.0-1.4.1 - Authenticated SQL Injection via viewemail Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2001-1472. PoCs published by kill-9.
AI-analyzed exploit summary This exploit leverages SQL injection in phpBB 1.4.x by manipulating the 'viewemail' parameter in a crafted URL to elevate a user's privileges to administrator level. The attack requires an existing user account and injects SQL to modify the user_level field.
Description
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.
Exploits (1)
This exploit leverages SQL injection in phpBB 1.4.x by manipulating the 'viewemail' parameter in a crafted URL to elevate a user's privileges to administrator level. The attack requires an existing user account and injects SQL to modify the user_level field.