CVE-2001-1471

HIGH Year: 2001
CVSS v3 Score
8.8
High
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-665
View all →

Vulnerability Description

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.

Related Vulnerabilities

CVE-2008-3637

HIGH
CVSS:8.8(High)

The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code...

CWE-6652008

CVE-2018-10484

HIGH
CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the tar...

CWE-6652018

CVE-2018-14282

HIGH
CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the targ...

CWE-6652018

CVE-2019-20063

HIGH
CVSS:8.8(High)

hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json.

CWE-6652019

CVE-2021-44169

HIGH
CVSS:8.8(High)

A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative p...

CWE-6652021

CVE-2022-2620

HIGH
CVSS:8.8(High)

Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corrupti...

CWE-6652022