{"url":"http://public2.vulnerablecode.io/api/packages/228508?format=json","purl":"pkg:composer/phpbb/phpbb@3.1.2","type":"composer","namespace":"phpbb","name":"phpbb","version":"3.1.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.3.11","latest_non_vulnerable_version":"3.3.11","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40948?format=json","vulnerability_id":"VCID-88ra-surk-wkgc","summary":"Server-Side Request Forgery (SSRF)\nServer side request forgery (SSRF) in phpBB allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11767","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44918","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44881","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44951","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44957","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44937","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44908","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11767"},{"reference_url":"https://github.com/phpbb/phpbb-app","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb-app"},{"reference_url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941","reference_id":"","reference_
type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11767","reference_id":"CVE-2019-11767","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11767"},{"reference_url":"https://github.com/advisories/GHSA-4hx9-p925-qcv7","reference_id":"GHSA-4hx9-p925-qcv7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4hx9-p925-qcv7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57942?format=json","purl":"pkg:composer/phpbb/phpbb@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e23j-etnm-hkgm"},{"vulnerability":"VCID-m8d2-233b-5uhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.2.6"}],"aliases":["CVE-2019-11767","GHSA-4hx9-p925-qcv7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-88ra-surk-wkgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111840?format=json","vulnerability_id":"VCID-9995-4m7h-ryca","summary":"phpBB Open Redirect\nOpen redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified 
vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3880","reference_id":"","reference_type":"","scores":[{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72692","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72732","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72708","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72721","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72739","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72731","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3880"},{"reference_url":"https://github.com/phpbb/phpbb","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb"},{"reference_url":"https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04"},{"reference_url":"https://github.com/phpbb/phpbb/commit/c1702b8e19a69c98ef049abb4e14157e3e208ed4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb/comm
it/c1702b8e19a69c98ef049abb4e14157e3e208ed4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3880","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3880"},{"reference_url":"https://web.archive.org/web/20170520103544/http://www.securityfocus.com/bid/74592","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170520103544/http://www.securityfocus.com/bid/74592"},{"reference_url":"https://wiki.phpbb.com/Release_Highlights/3.0.14","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.phpbb.com/Release_Highlights/3.0.14"},{"reference_url":"https://wiki.phpbb.com/Release_Highlights/3.1.4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.phpbb.com/Release_Highlights/3.1.4"},{"reference_url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941"},{"reference_url":"http://www.openwall.com/lists/oss-sec
urity/2015/05/12/10","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/05/12/10"},{"reference_url":"https://github.com/advisories/GHSA-hwq7-cvp8-6hm3","reference_id":"GHSA-hwq7-cvp8-6hm3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hwq7-cvp8-6hm3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/154259?format=json","purl":"pkg:composer/phpbb/phpbb@3.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-88ra-surk-wkgc"},{"vulnerability":"VCID-e23j-etnm-hkgm"},{"vulnerability":"VCID-gwjy-s2zp-r3g5"},{"vulnerability":"VCID-gwsy-qvrq-vbag"},{"vulnerability":"VCID-m8d2-233b-5uhs"},{"vulnerability":"VCID-tc4b-wtt4-rbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.1.4"}],"aliases":["CVE-2015-3880","GHSA-hwq7-cvp8-6hm3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9995-4m7h-ryca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52891?format=json","vulnerability_id":"VCID-e23j-etnm-hkgm","summary":"Server-Side Request Forgery (SSRF)\nA vulnerability in phpBB's remote image dimensions check can be abused to execute SSRF 
attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8226","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38939","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38986","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38975","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39002","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39031","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39027","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8226"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpbb/phpbb/CVE-2020-8226.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpbb/phpbb/CVE-2020-8226.yaml"},{"reference_url":"https://github.com/phpbb/phpbb-app","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb-app"},{"reference_url":"https://github.com/phpbb/phpbb-app/commit/0cfaaafb386d58576d200d56f1acdbcc2f2376e8","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}
],"url":"https://github.com/phpbb/phpbb-app/commit/0cfaaafb386d58576d200d56f1acdbcc2f2376e8"},{"reference_url":"https://github.com/phpbb/phpbb-app/commit/efc0a146bf12125eeb71d00470af774326a7bf0a","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb-app/commit/efc0a146bf12125eeb71d00470af774326a7bf0a"},{"reference_url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2562631","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2562631"},{"reference_url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8226","reference_id":"CVE-2020-8226","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8226"},{"reference_url":"https://github.com/advisories/GHSA-jhm9-h84h-rw83","reference_id":"GHSA-jhm9-h84h-rw83","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jhm9-h84h-rw83"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io
/api/packages/77871?format=json","purl":"pkg:composer/phpbb/phpbb@3.2.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m8d2-233b-5uhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.2.10"},{"url":"http://public2.vulnerablecode.io/api/packages/77872?format=json","purl":"pkg:composer/phpbb/phpbb@3.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m8d2-233b-5uhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.3.1"}],"aliases":["CVE-2020-8226","GHSA-jhm9-h84h-rw83"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e23j-etnm-hkgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40947?format=json","vulnerability_id":"VCID-gwjy-s2zp-r3g5","summary":"Improper Input Validation\nThe fulltext search component in phpBB allows Denial of Service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9826","reference_id":"","reference_type":"","scores":[{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71003","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71046","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71021","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71052","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71045","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71035","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9826"},{"reference_url":"https://github.com/phpbb/phpbb-app","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scorin
g_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb-app"},{"reference_url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/29/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/04/29/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9826","reference_id":"CVE-2019-9826","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9826"},{"reference_url":"https://github.com/advisories/GHSA-6pgr-x867-h7jx","reference_id":"GHSA-6pgr-x867-h7jx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6pgr-x867-h7jx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/233602?format=json","purl":"pkg:composer/phpbb/phpbb@3.2.6-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-88ra-surk-wkgc"},{"vulnerability":"VCID-e23j-etnm-hkgm"},{"vulnerability":"VCID-m8d2-233b-5uhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.2.6-RC1"},{"url":"http://public2.vul
nerablecode.io/api/packages/57942?format=json","purl":"pkg:composer/phpbb/phpbb@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e23j-etnm-hkgm"},{"vulnerability":"VCID-m8d2-233b-5uhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.2.6"}],"aliases":["CVE-2019-9826","GHSA-6pgr-x867-h7jx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwjy-s2zp-r3g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51864?format=json","vulnerability_id":"VCID-gwsy-qvrq-vbag","summary":"Cross-Site Request Forgery (CSRF)\nIn phpBB, `includes/acp/acp_bbcodes.php` has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16993","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44929","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44896","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44886","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44935","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44859","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44915","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16993"},{"reference_url":"https://github.com/phpbb/phpbb-app","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb-app"},{"reference_url":"https://github.com/phpbb/phpbb/commit/18abef716ecf42a35416444f3f84f5459d573789","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb/commit/18abef716ecf42a35416444f3f84f5459d573789"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00036.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00006.html"},{"reference_url":"https://www.phpbb.com/community/viewtopic.php?t=2352606","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpbb.com/community/viewtopic.php?t=2352606"},{"reference_url":"https://www.phpbb.com/support/documents.php?mode=changelog&version=3#v317","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{
"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpbb.com/support/documents.php?mode=changelog&version=3#v317"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16993","reference_id":"CVE-2019-16993","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16993"},{"reference_url":"https://github.com/advisories/GHSA-vj3x-vfm4-hvxc","reference_id":"GHSA-vj3x-vfm4-hvxc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vj3x-vfm4-hvxc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/156179?format=json","purl":"pkg:composer/phpbb/phpbb@3.1.7-PL1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.1.7-PL1"},{"url":"http://public2.vulnerablecode.io/api/packages/228520?format=json","purl":"pkg:composer/phpbb/phpbb@3.1.8-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-88ra-surk-wkgc"},{"vulnerability":"VCID-e23j-etnm-hkgm"},{"vulnerability":"VCID-gwjy-s2zp-r3g5"},{"vulnerability":"VCID-m8d2-233b-5uhs"},{"vulnerability":"VCID-tc4b-wtt4-rbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.1.8-RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/76003?format=json","purl":"pkg:composer/phpbb/phpbb@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-88ra-surk-wkgc"},{"vulnerability":"VCID-e23j-etnm-hkgm"},{"vulnerability":"VCID-gwjy-s2zp-r3g5"},{"vulnerability":"VCID-m8d2-233b-5uhs"},{"vulnerability":"VCID-tc4b-wtt4-rbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.1.
8"}],"aliases":["CVE-2019-16993","GHSA-vj3x-vfm4-hvxc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwsy-qvrq-vbag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46329?format=json","vulnerability_id":"VCID-m8d2-233b-5uhs","summary":"phpBB's Smiley Pack acp_icons.php main pack vulnerable to cross site scripting\nA vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file `phpBB/includes/acp/acp_icons.php` of the component Smiley Pack Handler. The manipulation of the argument pack leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244307.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5917","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26368","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26264","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26259","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26316","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2636","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5917"},{"reference_url":"https://github.com/phpbb/phpbb-app","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements
":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb-app"},{"reference_url":"https://github.com/phpbb/phpbb-app/commit/a3a84334f1c17ee57cc9af3d84996af8772736d3","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb-app/commit/a3a84334f1c17ee57cc9af3d84996af8772736d3"},{"reference_url":"https://github.com/phpbb/phpbb/commit/ccf6e6c255d38692d72fcb613b113e6eaa240aac","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:48:36Z/"}],"url":"https://github.com/phpbb/phpbb/commit/ccf6e6c255d38692d72fcb613b113e6eaa240aac"},{"reference_url":"https://github.com/phpbb/phpbb/releases/tag/release-3.3.11","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N"},{"value":"2.4","scoring_system":"cvssv3","scoring_elemen
ts":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:48:36Z/"}],"url":"https://github.com/phpbb/phpbb/releases/tag/release-3.3.11"},{"reference_url":"https://vuldb.com/?ctiid.244307","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:48:36Z/"}],"url":"https://vuldb.com/?ctiid.244307"},{"reference_url":"https://vuldb.com/?id.244307","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","sc
oring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:48:36Z/"}],"url":"https://vuldb.com/?id.244307"},{"reference_url":"https://www.phpbb.com","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpbb.com"},{"reference_url":"https://www.phpbb.com/community/viewtopic.php?t=2646991","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:48:36Z/"}],"url":"https://www.phpbb.com/community/viewtopic.php?t=2646991"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5917","reference_id":"CVE-2023-5917","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/
AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5917"},{"reference_url":"https://github.com/advisories/GHSA-gmx8-8rff-qv6q","reference_id":"GHSA-gmx8-8rff-qv6q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gmx8-8rff-qv6q"},{"reference_url":"https://www.phpbb.com/","reference_id":"www.phpbb.com","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:48:36Z/"}],"url":"https://www.phpbb.com/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67602?format=json","purl":"pkg:composer/phpbb/phpbb@3.3.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.3.11"}],"aliases":["CVE-2023-5917","GHSA-gmx8-8rff-qv6q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m8d2-233b-5uhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40457?format=json","vulnerability_id":"VCID-tc4b-wtt4-rbgr","summary":"Deserialization of Untrusted Data\nPassing an absolute path to a `file_exists` check in phpBB allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder 
permissions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19274","reference_id":"","reference_type":"","scores":[{"value":"0.13851","scoring_system":"epss","scoring_elements":"0.94429","published_at":"2026-06-04T12:55:00Z"},{"value":"0.13851","scoring_system":"epss","scoring_elements":"0.94446","published_at":"2026-06-09T12:55:00Z"},{"value":"0.13851","scoring_system":"epss","scoring_elements":"0.94442","published_at":"2026-06-08T12:55:00Z"},{"value":"0.13851","scoring_system":"epss","scoring_elements":"0.94441","published_at":"2026-06-07T12:55:00Z"},{"value":"0.13851","scoring_system":"epss","scoring_elements":"0.94439","published_at":"2026-06-06T12:55:00Z"},{"value":"0.13851","scoring_system":"epss","scoring_elements":"0.94437","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19274"},{"reference_url":"https://blog.ripstech.com/2018/phpbb3-phar-deserialization-to-remote-code-execution","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.ripstech.com/2018/phpbb3-phar-deserialization-to-remote-code-execution"},{"reference_url":"https://github.com/phpbb/phpbb-app","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb-app"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts
-announce/2018/11/msg00029.html"},{"reference_url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2492206","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2492206"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19274","reference_id":"CVE-2018-19274","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19274"},{"reference_url":"https://github.com/advisories/GHSA-h3mr-q96r-37v4","reference_id":"GHSA-h3mr-q96r-37v4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h3mr-q96r-37v4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57038?format=json","purl":"pkg:composer/phpbb/phpbb@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-88ra-surk-wkgc"},{"vulnerability":"VCID-e23j-etnm-hkgm"},{"vulnerability":"VCID-gwjy-s2zp-r3g5"},{"vulnerability":"VCID-m8d2-233b-5uhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.2.4"}],"aliases":["CVE-2018-19274","GHSA-h3mr-q96r-37v4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tc4b-wtt4-rbgr"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.1.2"}