Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 21/03/2019 Updated: 22/03/2019

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 585

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

LayerBB prior to 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
layerbb layerbb 1.1.2

# Exploit Title: LayerBB 112 - Cross-Site Request Forgery # Date: 10/4/2018 # Author: 0xB9 # Twitter: @0xB9Sec # Contact: 0xB9[at]pmme # Software Link: forumlayerbbcom # Version: 112 # Tested on: Ubuntu 1804 # CVE: CVE-2018-17996 1 Description: LayerBB is a free open-source forum software, the CSRF allows creating a admin user ...

CWE-352 https://www.exploit-db.com/exploits/46379/https://github.com/AndyRixon/LayerBB/issues/38 https://github.com/AndyRixon/LayerBB/commits/master http://packetstormsecurity.com/files/151694/LayerBB-1.1.2-Cross-Site-Request-Forgery.html https://nvd.nist.gov https://www.exploit-db.com/exploits/46379

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-17996

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect