|Category:||Web application abuses|
|Title:||phpBB < 3.2.4 Remote Code Execution Vulnerability|
|Summary:||phpBB is prone to Remote Code Execution through Object Injection.|
An attacker who has access to the Admin Control Panel with founder permissions can pass an absolute path to a file_exists check, which allows Remote Code Execution through Object Injection by way of Phar deserialization.
Successful exploitation allows users with founder permissions to execute code remotely and gain access to the underlying system.
phpBB versions before 3.2.4.
Update to version 3.2.4 or later.
|Common Vulnerability Exposure (CVE) ID:||CVE-2018-19274|
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|