CyberSec.Space Logo
Back to CVE Browser

CVE-2002-1481

HIGH
7.5
CVSS Severity Score
EPSS Score0.2000%
EPSS Percentile22.68th
PublishedApr 22, 2003
Last ModifiedApr 16, 2026

Vulnerability Description

savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.

Affected Platforms (CPE)

πŸ“¦
Phpgb

Phpgb

= 1.10
πŸ“¦
Phpgb

Phpgb

= 1.20

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-09/0076.html
πŸ”— http://www.iss.net/security_center/static/10065.php
πŸ”— http://www.securityfocus.com/bid/5679
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-09/0076.html
πŸ”— http://www.iss.net/security_center/static/10065.php
πŸ”— http://www.securityfocus.com/bid/5679

Related Vulnerabilities

CVE-2002-148210.0

SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers...

CVE-2002-14806.8

Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into gues...

CVE-2002-122610.0

Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remo...

CVE-2002-121510.0

Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote a...