CVE-2026-48613
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
CVE-2026-48613 describes an SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data. This allows for the execution of arbitrary SQL queries on phpBB forums that were updated from versions prior to phpBB 3.3.8 and have not yet been updated to 3.3.11 or newer.
Risk Assessment
Organizations using vulnerable versions of phpBB may be exposed to attacks that could lead to unauthorized access to the database and leakage of user data.
Recommendation
It is recommended to update phpBB to version 3.3.11 or newer to mitigate this vulnerability and protect user data.
Original NVD description (English source)
SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated to 3.3.11 or newer yet.

