Miggo Logo
Miggo Vulnerability Database
CVE-2018-19274

CVE-2018-19274: phpBB Remote Code Execution

7.2

CVSS Score
3.1

Basic Information

CVE ID
CVE-2018-19274
GHSA ID
GHSA-h3mr-q96r-37v4
EPSS Score
0.95366%
CWE
CWE-502
Published
5/13/2022
Updated
4/24/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
phpbb/phpbbcomposer< 3.2.43.2.4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from using file_exists with untrusted absolute paths in configuration handling. The security advisory specifically mentions removing ImageMagick path configuration as the fix, indicating the path was being passed to file_exists without proper validation. This allowed Phar deserialization when a malicious path was provided, as PHP's file_exists automatically parses Phar metadata. The function's presence in configuration validation logic (likely in ACP board settings handlers) made it the attack vector.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

P*ssin* *n **solut* p*t* to * *il*_*xists ****k in p*p** ***or* *.*.* *llows R*mot* *o** *x**ution t*rou** O*j**t Inj**tion *y *mployin* P**r **s*ri*liz*tion w**n *n *tt**k*r **s ****ss to t** **min *ontrol P*n*l wit* *oun**r p*rmissions.

Reasoning

T** vuln*r**ility st*ms *rom usin* *il*_*xists wit* untrust** **solut* p*t*s in *on*i*ur*tion **n*lin*. T** s**urity **visory sp**i*i**lly m*ntions r*movin* Im***M**i*k p*t* *on*i*ur*tion *s t** *ix, in*i**tin* t** p*t* w*s **in* p*ss** to *il*_*xist