CVE Catalog

CVE-2026-48613

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile — higher than 5% of all known CVEs

Summary

CVE-2026-48613 describes an SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data. This allows for the execution of arbitrary SQL queries on phpBB forums that were updated from versions prior to phpBB 3.3.8 and have not yet been updated to 3.3.11 or newer.

Risk Assessment

Organizations using vulnerable versions of phpBB may be exposed to attacks that could lead to unauthorized access to the database and leakage of user data.

Recommendation

It is recommended to update phpBB to version 3.3.11 or newer to mitigate this vulnerability and protect user data.

Original NVD description (English source)

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated to 3.3.11 or newer yet.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS