LayerBB
by LayerBB
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-13973 | | Cri | 0.64 | 9.8 | 0.02 | | Jul 19, 2019 | LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. |
| CVE-2018-17988 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 7, 2019 | LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter. |
| CVE-2019-13974 | | Hig | 0.57 | 8.8 | 0.01 | | Jul 19, 2019 | LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. |
| CVE-2021-47954 | | Hig | 0.53 | 8.2 | 0.00 | | May 16, 2026 | LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can send POST requests to /search.php with malicious search_query values using CASE WHEN… |
| CVE-2019-16531 | | Hig | 0.53 | 8.8 | 0.03 | | Sep 20, 2019 | LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php. |
| CVE-2018-17996 | | Med | 0.45 | 6.5 | 0.03 | | Mar 21, 2019 | LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/. |
| CVE-2018-17997 | | Med | 0.43 | 6.1 | 0.04 | | Mar 21, 2019 | LayerBB 1.1.1 allows XSS via the titles of conversations (PMs). |
| CVE-2019-13972 | | Med | 0.40 | 6.1 | 0.01 | | Jul 19, 2019 | LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. |