VYPR
Vendor: LayerBB

Products: 1
CVEs: 8
Across products: 8
Status: Private

Recent CVEs (8)

  • CVE-2019-13973 | Critical | Jul 19, 2019
    risk 0.64 | cvss 9.8 | epss 0.02

    LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used.

  • CVE-2018-17988 | Critical | Mar 7, 2019
    risk 0.64 | cvss 9.8 | epss 0.02

    LayerBB 1.1.1 and 1.1.3 have SQL Injection via the search.php search_query parameter.

  • CVE-2019-13974 | High | Jul 19, 2019
    risk 0.57 | cvss 8.8 | epss 0.01

    LayerBB 1.1.3 allows conversations.php/cmd/new CSRF.

  • CVE-2021-47954 | High | May 16, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can send POST requests to /search.php with malicious search_query values using CASE WHEN…

  • CVE-2019-16531 | High | Sep 20, 2019
    risk 0.53 | cvss 8.8 | epss 0.03

    LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.

  • CVE-2018-17996 | Medium | Mar 21, 2019
    risk 0.45 | cvss 6.5 | epss 0.03

    LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.

  • CVE-2018-17997 | Medium | Mar 21, 2019
    risk 0.43 | cvss 6.1 | epss 0.04

    LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).

  • CVE-2019-13972 | Medium | Jul 19, 2019
    risk 0.40 | cvss 6.1 | epss 0.01

    LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997.