Phpbb
CVE-2018-19274
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.
AnalysisAI
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Deserialization of Untrusted Data (CWE-502), which allows attackers to execute arbitrary code through malicious serialized objects. Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions. Affected products include: Phpbb, Debian Debian Linux. Version information: before 3.2.4.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Avoid deserializing untrusted data. Use safe serialization formats (JSON). Implement integrity checks and type allowlists.
Account hijacking in phpBB is possible due to improper authentication checks in the OAuth implementation, affecting defa
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote A
In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in
Host header injection in phpBB versions 3.0.0 through 3.3.15 enables password reset link poisoning when force_server_var
Account takeover in phpBB via OAuth state-verification flaw enables remote attackers to link a victim's forum account to
The fulltext search component in phpBB before 3.2.6 allows Denial of Service. Rated high severity (CVSS 7.5), this vulne
Privilege escalation in phpBB allows an authenticated administrator with limited rights to grant themselves permissions
The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the fo
phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships. Rated medium severity (CVSS 6.5), this vuln
Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of G
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10.php of the component Smiley P
SQL injection in phpBB forum software allows authenticated users to execute arbitrary SQL queries through a flawed profi
Same weakness CWE-502 – Deserialization of Untrusted Data
View allSame technique Deserialization
View allShare
External POC / Exploit Code
Leaving vuln.today