-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from improper input validation in phpBB's Native Fulltext Search component. The advisory explicitly mentions unrestricted search queries causing CPU-intensive SQL operations. The functions split_keywords (keyword processing) and keyword_search (query construction) in the fulltext_native backend are central to this mechanism. The patch in 3.2.6 introduced restrictions on search terms, confirming these functions' role. The file path aligns with phpBB's code structure, and the CWE-20 classification directly points to input validation flaws in these query-building functions.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| phpbb/phpbb | composer | < 3.2.6 | 3.2.6 |