SQL Injection Vulnerability in phpBB Forums by phpBB
CVE-2026-48613

7.1HIGH

Key Information:

Vendor

PHPbb

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-48613?

A SQL injection vulnerability exists in phpBB's profile field migration process, stemming from inadequate validation of user-supplied profile field data. This flaw allows attackers to execute arbitrary SQL queries, leading to potential data exposure or system compromise. This vulnerability affects phpBB forums that were updated from versions prior to 3.3.8 and have not yet moved to 3.3.11 or later, making it crucial for forum administrators to ensure their software is up to date.

Affected Version(s)

phpBB 3.3.8 <= 3.3.16

References

CVSS V3.0

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.