Logo
Retour à la veille

CVE-2026-48613

Publié : 12 juin 2026
Modifié : 12 juin 2026
Lien officiel NVD
Score CVSS
5.9
MEDIUM

Description détaillée

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated to 3.3.11 or newer yet.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

Références et Patchs

https://www.phpbb.com/community/viewtopic.php?t=2672170

Dernières Vulnérabilités

CVE-2026-9271

Vulnerability Title

VOIR DÉTAILS

CVE-2026-9269

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

VOIR DÉTAILS

CVE-2026-12060

Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining unauthorized access to camera and microphone permissions.

VOIR DÉTAILS