Known Vulnerabilities for products from Layerbb
Listed below are 7 of the newest known vulnerabilities associated with the vendor "Layerbb".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-47954 json | Not Provided | 2026-05-16 | 2026-05-16 | |
| CVE-2019-16531 json | LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php. | 8.8 - HIGH | 2019-09-20 | 2019-09-20 |
| CVE-2019-13974 json | LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. | 8.8 - HIGH | 2019-07-19 | 2019-07-19 |
| CVE-2019-13973 json | LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .... | 9.8 - CRITICAL | 2019-07-19 | 2019-07-19 |
| CVE-2019-13972 json | LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. | 6.1 - MEDIUM | 2019-07-19 | 2019-07-19 |
| CVE-2018-17997 json | LayerBB 1.1.1 allows XSS via the titles of conversations (PMs). | 6.1 - MEDIUM | 2019-03-21 | 2019-03-22 |
| CVE-2018-17996 json | LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/... | 6.5 - MEDIUM | 2019-03-21 | 2019-03-22 |
| CVE-2018-17988 json | LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter. | 9.8 - CRITICAL | 2019-03-07 | 2022-04-19 |
Known software with vulnerabilities from Layerbb
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Layerbb | Layerbb | 1.0.4 |