LayerBB vulnerabilities and exploits

6.8
CVSSv2
CVE-2019-13974

LayerBB 1.1.3 allows conversations.php/cmd/new CSRF....

7.5
CVSSv2
CVE-2018-17988

LayerBB 1.1.1 has SQL Injection via the search.php search_query parameter....

5.8
CVSSv2
CVE-2018-17996

LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/....

4.3
CVSSv2
CVE-2018-17997

LayerBB 1.1.1 allows XSS via the titles of conversations (PMs)....

4.3
CVSSv2
CVE-2019-13972

LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997....

7.5
CVSSv2
CVE-2019-13973

LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used....

NA
CVE-2018-179971

LayerBB version 1.1.1 suffers from a cross-site scripting vulnerability....

NA
CVE-2019-76881

LayerBB version 1.1.2 suffers from a cross-site scripting vulnerability....

NA
CVE-2018-179961

LayerBB version 1.1.2 suffers from a cross-site request forgery vulnerability....