Layerbb Security Vulnerabilities and Issues — Layerbb CVE List

Lucene search

LayerbbLayerbb

7 matches found

CVE•added 2019/09/20 2:16 a.m.•152 views

CVE-2019-16531

LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.

8.8CVSS8.6AI score0.0028EPSS

Web

CVE•added 2019/03/21 4:0 p.m.•49 views

CVE-2018-17996

LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.

6.5CVSS6.5AI score0.00519EPSS

Web

CVE•added 2019/03/21 4:0 p.m.•47 views

CVE-2018-17997

LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).

6.1CVSS5.9AI score0.02976EPSS

CVE•added 2019/03/07 11:29 p.m.•46 views

CVE-2018-17988

LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.

9.8CVSS9.9AI score0.00307EPSS

CVE•added 2019/07/19 7:15 a.m.•36 views

CVE-2019-13972

LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997.

6.1CVSS5.9AI score

Web

CVE•added 2019/07/19 7:15 a.m.•30 views

CVE-2019-13974

LayerBB 1.1.3 allows conversations.php/cmd/new CSRF.

8.8CVSS8.7AI score0.00141EPSS

CVE•added 2019/07/19 7:15 a.m.•29 views

CVE-2019-13973

LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used.

9.8CVSS9.5AI score0.00433EPSS

Web