← Zuruck zu CVEs
CVE-2018-19274
HIGH7.2
Beschreibung
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.
CVE Details
CVSS v3.1 Bewertung7.2
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht11/17/2018
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
debian:debian_linuxphpbb:phpbb
Schwachen (CWE)
CWE-502CWE-1321
Referenzen
https://www.phpbb.com/community/viewtopic.php?f=14&t=2492206(cve@mitre.org)
https://blog.ripstech.com/2018/phpbb3-phar-deserialization-to-remote-code-execution/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/11/msg00029.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.phpbb.com/community/viewtopic.php?f=14&t=2492206(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.