Updated:  August 16, 2001

Status

Affected

Vendor Statement

This release [phpBB 1.4.1] fixed major security holes that allow malicious users to re-write the URL to gain admin status or allow the malicious use of HTML or BBCode to gain admin status.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.