PatchSiren cyber security CVE debrief
CVE-2026-48613 phpBB CVE debrief
A SQL injection vulnerability was discovered in the phpBB profile field migration and is tracked as CVE-2026-48613. It stems from improper handling of user-supplied profile field data during migration, which allows execution of arbitrary SQL queries. The vulnerability affects phpBB forums that were updated from versions prior to phpBB 3.3.8 and have not yet been updated to 3.3.11 or newer. The CVSS score for this vulnerability is 5.9, with a severity rating of MEDIUM.
- Vendor: phpBB
- Product: Unknown
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Administrators and users of phpBB forums that were updated from versions prior to phpBB 3.3.8 and have not yet been updated to 3.3.11 or newer should be aware of this vulnerability and take the necessary actions to mitigate it.
Technical summary
The vulnerability is caused by improper handling of user-supplied profile field data during migration. This allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access or modification of sensitive data.
Defensive priority
MEDIUM
Recommended defensive actions
- Update phpBB to version 3.3.11 or newer to fix the vulnerability.
- Review and monitor phpBB forum logs for suspicious activity.
Evidence notes
The CVE record was published on June 12, 2026, at 04:17:11 GMT and modified on June 12, 2026, at 16:15:57 GMT. The vulnerability has a CVSS score of 5.9 and a severity rating of MEDIUM.
Official resources
- CVE-2026-48613 CVE record (CVE.org)
- CVE-2026-48613 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-48613 was published on 2026-06-12T04:17:11.327Z.