Layerbb: >> Layerbb Security Vulnerabilities
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-09-20
LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-19
LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-19
LayerBB 1.1.3 allows conversations.php/cmd/new CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-07-19
LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-03-21
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
CVSS Score
6.1
EPSS Score
0.035
Published
2019-03-21
LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-03-07