phpBB Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2018-19274)
Description
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.