CVE-2018-19274

Name of the Vulnerable Software and Affected Versions phpBB versions prior to 3.2.4

Description The issue allows for Remote Code Execution through Object Injection by utilizing Phar deserialization. This can be achieved by passing an absolute path to a file exists check. The exploitation of this issue requires access to the Admin Control Panel with founder permissions.

Recommendations For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Admin Control Panel to minimize the risk of exploitation.