CVE-2026-48613
- EPSS 0.16%
- Veröffentlicht 12.06.2026 02:27:43
- Zuletzt bearbeitet 23.06.2026 05:17:04
SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions ...
- EPSS 0.12%
- Veröffentlicht 12.06.2026 02:27:43
- Zuletzt bearbeitet 12.06.2026 16:15:57
Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account. This can result in unauthorized account linking and pot...
CVE-2026-48611
- EPSS 2.87%
- Veröffentlicht 12.06.2026 02:27:43
- Zuletzt bearbeitet 12.06.2026 16:15:57
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.
CVE-2026-47366
- EPSS 0.3%
- Veröffentlicht 12.06.2026 02:27:43
- Zuletzt bearbeitet 12.06.2026 16:07:34
Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege es...
CVE-2026-29199
- EPSS 0.25%
- Veröffentlicht 04.05.2026 05:42:15
- Zuletzt bearbeitet 29.05.2026 12:57:30
phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset...
CVE-2025-70811
- EPSS 0.15%
- Veröffentlicht 09.04.2026 00:00:00
- Zuletzt bearbeitet 17.04.2026 13:05:33
Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality.
CVE-2025-70810
- EPSS 0.25%
- Veröffentlicht 09.04.2026 00:00:00
- Zuletzt bearbeitet 17.04.2026 13:06:33
Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism
CVE-2019-25685
- EPSS 0.18%
- Veröffentlicht 05.04.2026 20:45:33
- Zuletzt bearbeitet 19.04.2026 13:16:33
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-5917
- EPSS 0.52%
- Veröffentlicht 02.11.2023 11:15:14
- Zuletzt bearbeitet 21.11.2024 08:42:46
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak l...
CVE-2020-8226
- EPSS 0.97%
- Veröffentlicht 17.08.2020 16:15:13
- Zuletzt bearbeitet 21.11.2024 05:38:32
A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.