phpBB Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability - CVE-2018-19274 - Vulnerability Database

phpBB

phpBB Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability - CVE-2018-19274

High

Reference: CVE-2018-19274

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-19274

Title: phpBB Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability

Overview:

Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.