CVE-2026-48613

7.1HIGH

Key Information:

Vendor: PHPbb
Status: PHPbb
Vendor: CVE Published:; 12 June 2026

What is CVE-2026-48613?

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated to 3.3.11 or newer yet.

Affected Version(s)

phpBB 3.3.8 <= 3.3.16

References

https://www.phpbb.com/community/viewtopic.php?t=2672170

CVSS V3.0

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2026
Vulnerability Reserved
May 22, 2026

CVE-2026-48613 Data

JSON

PHPbb

What is CVE-2026-48613?

Affected Version(s)

References

CVSS V3.0

Timeline