Vulnerabilities
Vulnerable Software
Layerbb:  >> Layerbb  >> 1.1.3  Security Vulnerabilities
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-09-20
LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-19
LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-19
LayerBB 1.1.3 allows conversations.php/cmd/new CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-07-19
LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-03-07


Contact Us

Shodan ® - All rights reserved