{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/phpbb/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2019-25685"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["phpBB","file-upload","deserialization","CVE-2019-25685"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2019-25685 is an arbitrary file upload vulnerability affecting phpBB. An authenticated attacker can exploit this vulnerability to upload malicious files by leveraging the plupload functionality and the phar:// stream wrapper. This allows them to upload a crafted ZIP archive that includes serialized PHP objects, leading to arbitrary code execution when these objects are deserialized via the imagick parameter within the attachment settings. Successful exploitation can result in complete server compromise, allowing the attacker to execute arbitrary commands, potentially leading to data theft, website defacement, or denial of service.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker authenticates to the phpBB application.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious ZIP archive containing serialized PHP objects designed for remote code execution. This archive is designed to be processed by the \u003ccode\u003ephar://\u003c/code\u003e stream wrapper.\u003c/li\u003e\n\u003cli\u003eThe attacker uploads the crafted ZIP archive through the plupload functionality, potentially disguised as a legitimate attachment type.\u003c/li\u003e\n\u003cli\u003eThe phpBB application processes the uploaded file. The application uses the phar:// stream wrapper to extract the contents of the uploaded ZIP file.\u003c/li\u003e\n\u003cli\u003eThe application deserializes the malicious PHP objects, triggered by the imagick parameter in attachment settings.\u003c/li\u003e\n\u003cli\u003eDeserialization of the crafted PHP objects leads to arbitrary code execution on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the web server, potentially escalating privileges.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2019-25685 allows an attacker to execute arbitrary code on the phpBB server. The attacker could gain complete control of the web server, potentially leading to data theft, website defacement, or denial of service. The impact is significant due to the potential for full system compromise. The number of victims is dependent on the number of phpBB installations exposed and targeted.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for POST requests to attachment upload endpoints containing ZIP archives and the \u0026ldquo;phar://\u0026rdquo; wrapper in request parameters to detect potential exploit attempts. (Log Source: webserver, Rule: phpbb_phar_upload)\u003c/li\u003e\n\u003cli\u003eMonitor phpBB file upload directories for the creation of unexpected files, particularly PHP scripts or other executable files. (Log Source: file_event, Rule: phpbb_suspicious_file_creation)\u003c/li\u003e\n\u003cli\u003eApply available patches or updates for phpBB to address CVE-2019-25685 as soon as possible.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-05T21:16:47Z","date_published":"2026-04-05T21:16:47Z","id":"/briefs/2026-04-phpbb-file-upload/","summary":"phpBB is vulnerable to arbitrary file upload (CVE-2019-25685) by exploiting the plupload functionality and phar:// stream wrapper, allowing authenticated attackers to upload crafted ZIP files containing serialized PHP objects that execute arbitrary code via the imagick parameter.","title":"phpBB Arbitrary File Upload Vulnerability (CVE-2019-25685)","url":"https://feed.craftedsignal.io/briefs/2026-04-phpbb-file-upload/"}],"language":"en","title":"CraftedSignal Threat Feed — PhpBB","version":"https://jsonfeed.org/version/1.1"}