{"url":"http://public2.vulnerablecode.io/api/packages/421787?format=json","purl":"pkg:composer/phpbb/phpbb@3.1.0-a3","type":"composer","namespace":"phpbb","name":"phpbb","version":"3.1.0-a3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.2.6","latest_non_vulnerable_version":"3.3.11","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61206?format=json","vulnerability_id":"VCID-2far-dtzw-tbap","summary":"phpBB Denial of Service\nThe fulltext search component in phpBB before 3.2.6 allows Denial of Service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9826","reference_id":"","reference_type":"","scores":[{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.70942","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9826"},{"reference_url":"https://github.com/phpbb/phpbb-app","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb-app"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9826","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9826"},{"reference_url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/29/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/04/29/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/426993?format=json","purl":"pkg:composer/phpbb/phpbb@3.2.6-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xckh-w5hz-77gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.2.6-RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/175007?format=json","purl":"pkg:composer/phpbb/phpbb@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.2.6"}],"aliases":["CVE-2019-9826","GHSA-6pgr-x867-h7jx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2far-dtzw-tbap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62464?format=json","vulnerability_id":"VCID-bu31-6nve-53hc","summary":"phpBB Cross-Site Request Forgery (CSRF)\nIn phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16993","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44848","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16993"},{"reference_url":"https://github.com/phpbb/phpbb-app","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb-app"},{"reference_url":"https://github.com/phpbb/phpbb/commit/18abef716ecf42a35416444f3f84f5459d573789","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb/commit/18abef716ecf42a35416444f3f84f5459d573789"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00036.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00006.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16993","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16993"},{"reference_url":"https://www.phpbb.com/community/viewtopic.php?t=2352606","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpbb.com/community/viewtopic.php?t=2352606"},{"reference_url":"https://www.phpbb.com/support/documents.php?mode=changelog&version=3#v317","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpbb.com/support/documents.php?mode=changelog&version=3#v317"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/187153?format=json","purl":"pkg:composer/phpbb/phpbb@3.1.7-PL1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.1.7-PL1"},{"url":"http://public2.vulnerablecode.io/api/packages/421808?format=json","purl":"pkg:composer/phpbb/phpbb@3.1.8-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2far-dtzw-tbap"},{"vulnerability":"VCID-kcsd-y2du-skbw"},{"vulnerability":"VCID-xckh-w5hz-77gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.1.8-RC1"}],"aliases":["CVE-2019-16993","GHSA-vj3x-vfm4-hvxc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bu31-6nve-53hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61033?format=json","vulnerability_id":"VCID-kcsd-y2du-skbw","summary":"phpBB Remote Code Execution\nPassing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19274","reference_id":"","reference_type":"","scores":[{"value":"0.14464","scoring_system":"epss","scoring_elements":"0.94546","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19274"},{"reference_url":"https://blog.ripstech.com/2018/phpbb3-phar-deserialization-to-remote-code-execution","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.ripstech.com/2018/phpbb3-phar-deserialization-to-remote-code-execution"},{"reference_url":"https://github.com/phpbb/phpbb-app","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb-app"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00029.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19274","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19274"},{"reference_url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2492206","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2492206"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/173728?format=json","purl":"pkg:composer/phpbb/phpbb@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2far-dtzw-tbap"},{"vulnerability":"VCID-xckh-w5hz-77gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.2.4"}],"aliases":["CVE-2018-19274","GHSA-h3mr-q96r-37v4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcsd-y2du-skbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62320?format=json","vulnerability_id":"VCID-xckh-w5hz-77gm","summary":"phpBB Server side request forgery (SSRF)\nServer side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11767","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.4487","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11767"},{"reference_url":"https://github.com/phpbb/phpbb-app","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpbb/phpbb-app"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11767","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11767"},{"reference_url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/175007?format=json","purl":"pkg:composer/phpbb/phpbb@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.2.6"}],"aliases":["CVE-2019-11767","GHSA-4hx9-p925-qcv7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xckh-w5hz-77gm"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpbb/phpbb@3.1.0-a3"}