SQL Injection Vulnerability in phpBB Forums by phpBB
CVE-2026-48613
7.1HIGH
What is CVE-2026-48613?
A SQL injection vulnerability exists in phpBB's profile field migration process, stemming from inadequate validation of user-supplied profile field data. This flaw allows attackers to execute arbitrary SQL queries, leading to potential data exposure or system compromise. This vulnerability affects phpBB forums that were updated from versions prior to 3.3.8 and have not yet moved to 3.3.11 or later, making it crucial for forum administrators to ensure their software is up to date.
Affected Version(s)
phpBB 3.3.8 <= 3.3.16
