Description

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated to 3.3.11 or newer yet.

PUBLISHED Reserved 2026-05-22 | Published 2026-06-12 | Updated 2026-06-12 | Assigner hackerone




HIGH: 7.1 | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L/CR:H/IR:H/AR:H

Problem types

CWE-89 SQL Injection

Product status

Default status: unaffected

3.3.8 (semver): affected

References

www.phpbb.com/community/viewtopic.php?t=2672170

cve.org (CVE-2026-48613)

nvd.nist.gov (CVE-2026-48613)