Layerbb

layerbb

Vendor: Layerbb • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-16531 1Layerbb 1Layerbb Jun 17, 2026 Sep 20, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
CVE-2019-13974 1Layerbb 1Layerbb Jun 17, 2026 Jul 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 LayerBB 1.1.3 allows conversations.php/cmd/new CSRF.
CVE-2019-13973 1Layerbb 1Layerbb Jun 17, 2026 Jul 19, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used.
CVE-2019-13972 1Layerbb 1Layerbb Jun 17, 2026 Jul 19, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997.
CVE-2018-17997 1Layerbb 1Layerbb Nov 21, 2024 Mar 21, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
CVE-2018-17996 1Layerbb 1Layerbb Nov 21, 2024 Mar 21, 2019 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.
CVE-2018-17988 1Layerbb 1Layerbb Nov 21, 2024 Mar 7, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.