CVE-2026-48613
CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
0th
SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated to 3.3.11 or newer yet.
| CWE | CWE-89 |
| Vendor | phpbb |
| Product | phpbb |
| Published | Jun 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for phpbb phpbb
Be the first to know when new high vulnerabilities affecting phpbb phpbb are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L/CR:H/IR:H/AR:H Affected Versions
phpBB / phpBB
3.3.8 โค 3.3.16