CVE-2026-25923 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to fil…
High CVSS: 8.7

CVE-2026-25923

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file (disguised as JPEG) via the image upload feature, trigger Phar deserialization through BBCode [img] tag processing, and exploit Smarty 4.1.0 POP chain to achieve arbitrary file deletion. This vulnerability is fixed in 20260208.1.
Vendor
Mylittleforum
Product
My Little Forum
CWE
CWE-434
Yayın Tarihi
2026-02-09 22:16:04
Güncelleme
2026-03-17 20:30:28
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-434 My Little Forum HIGH Mylittleforum 2026

Referanslar

https://github.com/My-Little-Forum/mylittleforum/releases/tag/20260208.1 https://github.com/My-Little-Forum/mylittleforum/security/advisories/GHSA-wr9p-3c3g-78fw