phpBB Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability - CVE-2018-19274 - Vulnerability Database

High
Reference: CVE-2018-19274
Title: phpBB Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
Overview:

Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.
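
An added PHP example (not phpBB's code and not its actual patch) of a guard for the pattern in the overview: a configured path is checked for a stream-wrapper scheme such as `phar://` before any filesystem function sees it. The function names, the base-directory restriction and the sample paths are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not phpBB code. Function names and paths are hypothetical.

/** True only for a plain filesystem path with no stream-wrapper scheme. */
function is_plain_local_path(string $path): bool
{
    if ($path === '' || strpos($path, "\0") !== false) {
        return false;
    }
    // "scheme:" with 2+ characters (phar://, php://, data:, ...) is a
    // wrapper; a single letter is allowed so Windows drives (C:\) pass.
    // "=== 0" means a regex error is treated as a rejection.
    return preg_match('/^[a-z][a-z0-9+.\-]+:/i', $path) === 0;
}

/** Existence check that never hands a wrapper URL to the filesystem layer. */
function safe_file_exists(string $path, string $baseDir): bool
{
    if (!is_plain_local_path($path)) {
        return false;
    }
    $base = realpath($baseDir);
    $real = realpath($path);   // false when the path does not exist
    if ($base === false || $real === false) {
        return false;
    }
    // Assumption: the setting is only meant to point inside $baseDir.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0;
}

// Constructed inputs: this file, two wrapper URLs, and a path outside the base.
$samples = [
    __FILE__,
    'phar://' . __DIR__ . '/upload.jpg/x',
    'PHAR://' . __DIR__ . '/upload.jpg/x',
    __DIR__ . '/../outside.txt',
];
foreach ($samples as $s) {
    printf("%-5s %s\n", var_export(safe_file_exists($s, __DIR__), true), $s);
}
```

Only the first sample is accepted; both wrapper URLs are rejected before `realpath()` or any other filesystem call runs. On PHP 8.0 and later, phar metadata is no longer unserialized automatically, which reduces exposure to this class of bug at the runtime level.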