Skip to main content

Layerbb

4 CVEs product

Monthly

CVE-2019-16531 HIGH POC PATCH This Week

LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP CSRF Layerbb
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-13974 HIGH PATCH This Week

LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP CSRF Layerbb
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-13973 CRITICAL POC Act Now

LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Layerbb
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13972 MEDIUM POC This Month

LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Layerbb
NVD
CVSS 3.0
6.1
EPSS
0.9%
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP CSRF Layerbb
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP CSRF Layerbb
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Layerbb
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Layerbb
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy