CVE-2001-1482

HIGH 7.5 / 10.0
Published: December 31, 2001 at 05:00 AM
Modified: April 3, 2025 at 01:03 AM
Source: cve@mitre.org

Vulnerability Description

SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.

CVSS Metrics

Base Score
7.5
Severity
HIGH
Vector String
AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses (CWE)

NVD-CWE-Other
Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

phpBB 1.4.2 contains a serious SQL injection flaw in bb_memberlist.php that allows remote attackers to execute arbitrary SQL commands. Exploitation can lead to complete compromise of the forum database, exposing sensitive user data such as usernames and passwords, and potentially to control of the server. Successful exploitation can therefore result in a significant data breach and system compromise.

02 // Vulnerability Mechanism

Step 1: Payload Delivery: The attacker crafts a malicious URL containing a specially crafted value for the $sortby parameter in bb_memberlist.php. This value includes SQL injection code.

Step 2: Request Submission: The attacker sends the malicious URL to the vulnerable phpBB forum.

Step 3: Server-Side Processing: The phpBB server receives the request and executes the bb_memberlist.php script.

Step 4: Query Construction: The script constructs an SQL query using the attacker-supplied $sortby value without proper sanitization.

Step 5: SQL Injection: The malicious SQL code injected by the attacker is executed as part of the database query.

Step 6: Data Manipulation: Depending on the injected SQL code, the attacker can perform actions such as retrieving sensitive data (e.g., usernames, passwords), modifying existing data, or even gaining administrative access to the forum.

03 // Deep Technical Analysis

The vulnerability stems from insufficient validation of the $sortby variable in the bb_memberlist.php script: the script incorporates the user-supplied value directly into its SQL query without sanitization or escaping, so an attacker can inject SQL that alters the query to extract, modify, or delete data. The root cause is the absence of parameterized queries or prepared statements, combined with trusting the user-provided input without validating its format or content.
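The following is an added illustration, not phpBB's own code, of the pattern the analysis describes: a request-controlled sort key concatenated into an ORDER BY clause, beside the hardened form. Because ORDER BY takes a column identifier rather than a value, a bound parameter cannot carry it, so the fix for this class of bug is an allow-list that maps the request token to a server-defined column. The table and column names, the PDO connection and the sample rows are all constructed for the demo.

```php
<?php
// Added example, not code from phpBB. Assumes PDO with the SQLite driver and a
// constructed `users` table; column names are invented for the demo.

// VULNERABLE pattern (the shape described for bb_memberlist.php): the request
// value is pasted straight into the query text, so whatever is in $sortby
// becomes part of the SQL statement.
function memberlist_vulnerable(PDO $db, string $sortby): array
{
    $sql = "SELECT username, user_regdate FROM users ORDER BY " . $sortby;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED pattern: the request token selects an entry from a fixed map, and
// only the server-defined column name and direction reach the SQL text.
const SORT_COLUMNS = [
    'username' => 'username',
    'joined'   => 'user_regdate',
    'posts'    => 'user_posts',
];

function memberlist_safe(PDO $db, string $sortby, string $dir = 'asc'): array
{
    // Unknown sort key: fall back to a default instead of echoing the input.
    $column    = SORT_COLUMNS[$sortby] ?? 'username';
    $direction = (strtolower($dir) === 'desc') ? 'DESC' : 'ASC';
    $sql = "SELECT username, user_regdate FROM users ORDER BY {$column} {$direction}";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Demo against an in-memory SQLite database with constructed sample rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, user_regdate INTEGER, user_posts INTEGER)");
$db->exec("INSERT INTO users VALUES ('bob', 1000, 5), ('alice', 2000, 9)");

// Request-controlled inputs, as in the advisory; defaults are used when absent.
$sortby = $_GET['sortby'] ?? 'joined';
$dir    = $_GET['dir'] ?? 'asc';
print_r(memberlist_safe($db, $sortby, $dir));
```

A quick check that the hardened function never lets an unexpected token through: call it with a sort key that is not in SORT_COLUMNS and confirm the result is ordered by the default column.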
