LayerBB 1.1.4 - Cross-Site Request Forgery

LayerBB 1.1.4 - Cross-Site Request Forgery Exploit Title: LayerBB 1.1.3 - Multiple CSRF Date: 4/7/2019 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=30 Version: 1.1.3 Tested on: Ubuntu 18.04 CVE: CVE-2019-16531 1...

Sql injection

LayerBB 1.1.3 allows XSS via the application/commands/new.php pmtitle variable, a related issue to CVE-2019-17997...

CVE-2019-13974

LayerBB 1.1.3 allows conversations.php/cmd/new CSRF...

CVE-2019-13972

LayerBB 1.1.3 allows XSS via the application/commands/new.php pmtitle variable, a related issue to CVE-2019-17997...