CVE-2018-19274
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-19274
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19274.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-19274
- Aliases
- Related
- Published
- 2018-11-17T13:29:00Z
- Modified
- 2025-01-14T07:26:44.379808Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.
- References
Affected packages
Git / github.com/phpbb/phpbb
Affected ranges
- Type
- GIT
- Repo
- https://github.com/phpbb/phpbb
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
release-3.*
release-3.0-B1
release-3.0-B2
release-3.0-B3
release-3.0-B4
release-3.0-B5
release-3.0-RC1
release-3.0-RC2
release-3.0-RC3
release-3.0-RC4
release-3.0-RC5
release-3.0-RC6
release-3.0-RC7
release-3.0-RC8
release-3.0.0
release-3.0.1
release-3.0.1-RC1
release-3.0.10
release-3.0.10-RC1
release-3.0.10-RC2
release-3.0.10-RC3
release-3.0.11-RC1
release-3.0.11-RC2
release-3.0.12-RC1
release-3.0.12-RC2
release-3.0.12-RC3
release-3.0.13-PL1
release-3.0.13-RC1
release-3.0.14
release-3.0.14-RC1
release-3.0.2
release-3.0.2-RC1
release-3.0.2-RC2
release-3.0.3
release-3.0.3-RC1
release-3.0.4
release-3.0.4-RC1
release-3.0.5
release-3.0.5-RC1
release-3.0.6
release-3.0.6-RC1
release-3.0.6-RC2
release-3.0.6-RC3
release-3.0.6-RC4
release-3.0.7
release-3.0.7-PL1
release-3.0.7-RC1
release-3.0.7-RC2
release-3.0.8
release-3.0.8-RC1
release-3.0.9
release-3.0.9-RC1
release-3.0.9-RC2
release-3.0.9-RC3
release-3.0.9-RC4
release-3.1.0
release-3.1.0-RC1
release-3.1.0-RC2
release-3.1.0-RC3
release-3.1.0-RC4
release-3.1.0-RC5
release-3.1.0-RC6
release-3.1.0-a1
release-3.1.0-a2
release-3.1.0-a3
release-3.1.0-b1
release-3.1.0-b2
release-3.1.0-b3
release-3.1.0-b4
release-3.1.1
release-3.1.10
release-3.1.10-RC1
release-3.1.11
release-3.1.11-RC1
release-3.1.12
release-3.1.2
release-3.1.2-RC1
release-3.1.3
release-3.1.3-RC1
release-3.1.3-RC2
release-3.1.4
release-3.1.4-RC1
release-3.1.4-RC2
release-3.1.5
release-3.1.5-RC1
release-3.1.6
release-3.1.6-RC1
release-3.1.7
release-3.1.7-RC1
release-3.1.7-pl1
release-3.1.8
release-3.1.8-RC1
release-3.1.9
release-3.1.9-RC1
release-3.2.0
release-3.2.0-RC1
release-3.2.0-RC2
release-3.2.0-a1
release-3.2.0-b2
release-3.2.1
release-3.2.1-RC1
release-3.2.2
release-3.2.2-RC1
release-3.2.3
release-3.2.3-RC1
release-3.2.3-RC2
release-3.2.4-RC1