Published: 20/09/2019 Updated: 20/09/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

LayerBB prior to 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
layerbb layerbb

# Exploit Title: LayerBB 113 - Multiple CSRF # Date: 4/7/2019 # Author: 0xB9 # Twitter: @0xB9Sec # Contact: 0xB9[at]pmme # Software Link: forumlayerbbcom/downloadsphp?view=file&id=30 # Version: 113 # Tested on: Ubuntu 1804 # CVE: CVE-2019-16531 1 Description: LayerBB is a free open-source forum software, multiple CSRF vulner ...

A repository for the CSRF found in LayerBB 1.1.3

LayerBB 113 CSRF A repository for the CSRF vulnerabilities found in LayerBB 113 with a proof of concept CVE: CVE-2019-16531 Packet Strom Link: packetstormsecuritycom/files/154549/ Exploit-DB Link: exploit-dbcom/exploits/47403 Proof of Concepts: Edit Usergroup Edit User Edit Category Edit Node System Settings Manage Category Manage Node Mass Email Navbar New Category New

CWE-352 https://github.com/0xB9/LayerBB-1.1.3-CSRF/blob/master/README.md https://github.com/AndyRixon/LayerBB/pull/40 https://github.com/AndyRixon/LayerBB/compare/1.1.3...1.1.4 http://packetstormsecurity.com/files/154549/LayerBB-1.1.3-Cross-Site-Request-Forgery.html https://nvd.nist.gov https://github.com/0xB9/LayerBB-1.1.3-CSRF https://www.exploit-db.com/exploits/47403

CVE-2019-16531

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect