CyberSec.Space Logo
Back to CVE Browser

CVE-2002-1482

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0710%
EPSS Percentile16.92th
PublishedApr 22, 2003
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.

Affected Platforms (CPE)

πŸ“¦
Phpgb

Phpgb

= 1.10
πŸ“¦
Phpgb

Phpgb

= 1.20
πŸ“¦
Phpgb

Phpgb

= 1.30

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-09/0076.html
πŸ”— http://www.iss.net/security_center/static/10068.php
πŸ”— http://www.securityfocus.com/bid/5673
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-09/0076.html
πŸ”— http://www.iss.net/security_center/static/10068.php
πŸ”— http://www.securityfocus.com/bid/5673

Related Vulnerabilities

CVE-2002-14817.5

savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of ser...

CVE-2002-14806.8

Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into gues...

CVE-2002-000510.0

Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary...

CVE-2002-000710.0

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a re...