This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Phpbb
  • Phpbb

No data.

No data.

References

No reference.

History

Sun, 19 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
CPEs cpe:2.3:a:phpbb:phpbb:*:*:*:*:*:*:*:*
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}

Sun, 19 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Title phpBB Arbitrary File Upload via Phar Deserialization
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sun, 19 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
Description phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when deserialized through the imagick parameter in attachment settings. This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CPEs cpe:2.3:a:phpbb:phpbb:3.2.3:*:*:*:*:*:*:*
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

 cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}

Thu, 09 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:phpbb:phpbb:*:*:*:*:*:*:*:*

Mon, 06 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sun, 05 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Description phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when deserialized through the imagick parameter in attachment settings.
Title phpBB Arbitrary File Upload via Phar Deserialization
First Time appeared Phpbb
Phpbb phpbb
Weaknesses CWE-22
CPEs cpe:2.3:a:phpbb:phpbb:3.2.3:*:*:*:*:*:*:*
Vendors & Products Phpbb
Phpbb phpbb
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}
cve-icon MITRE

Status: REJECTED

Assigner: VulnCheck

Published: 2026-04-05T20:45:33.893Z

Updated: 2026-04-19T12:36:07.579Z

Reserved: 2026-04-05T15:21:44.156Z

Link: CVE-2019-25685

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2026-04-05T21:16:47.140

Modified: 2026-04-19T13:16:33.777

Link: CVE-2019-25685

cve-icon Redhat

No data.