Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities found for layerbb by layerbb
CVE-2021-47954 (GCVE-0-2021-47954)
Vulnerability from nvd – Published: 2026-05-16 15:26 – Updated: 2026-05-18 18:48
VLAI
Title
LayerBB 1.1.4 SQL Injection via search_query Parameter
Summary
LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can send POST requests to /search.php with malicious search_query values using CASE WHEN statements to extract sensitive database information.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49593 | exploit |
| https://www.vulncheck.com/advisories/layerbb-sql-… | third-party-advisory |
Date Public
2021-02-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47954",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T18:47:23.223796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T18:48:00.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LayerBB",
"vendor": "LayerBB",
"versions": [
{
"status": "affected",
"version": "1.1.4"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.1.4:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.1.3:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.0.4:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.0.5:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.0.6:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "G\u00f6rkem Ha\u015fin"
}
],
"datePublic": "2021-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can send POST requests to /search.php with malicious search_query values using CASE WHEN statements to extract sensitive database information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T15:26:06.961Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49593",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49593"
},
{
"name": "VulnCheck Advisory: LayerBB 1.1.4 SQL Injection via search_query Parameter",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/layerbb-sql-injection-via-search-query-parameter"
}
],
"title": "LayerBB 1.1.4 SQL Injection via search_query Parameter",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47954",
"datePublished": "2026-05-16T15:26:06.961Z",
"dateReserved": "2026-02-01T11:24:18.720Z",
"dateUpdated": "2026-05-18T18:48:00.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-16531 (GCVE-0-2019-16531)
Vulnerability from nvd – Published: 2019-09-20 00:47 – Updated: 2024-08-05 01:17
VLAI
Summary
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/AndyRixon/LayerBB/pull/40 | x_refsource_MISC |
| https://github.com/0xB9/LayerBB-1.1.3-CSRF/blob/m… | x_refsource_MISC |
| https://github.com/AndyRixon/LayerBB/compare/1.1.… | x_refsource_MISC |
| http://packetstormsecurity.com/files/154549/Layer… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:17:39.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/AndyRixon/LayerBB/pull/40"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/0xB9/LayerBB-1.1.3-CSRF/blob/master/README.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/AndyRixon/LayerBB/compare/1.1.3...1.1.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154549/LayerBB-1.1.3-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T16:06:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AndyRixon/LayerBB/pull/40"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/0xB9/LayerBB-1.1.3-CSRF/blob/master/README.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AndyRixon/LayerBB/compare/1.1.3...1.1.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154549/LayerBB-1.1.3-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/AndyRixon/LayerBB/pull/40",
"refsource": "MISC",
"url": "https://github.com/AndyRixon/LayerBB/pull/40"
},
{
"name": "https://github.com/0xB9/LayerBB-1.1.3-CSRF/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/0xB9/LayerBB-1.1.3-CSRF/blob/master/README.md"
},
{
"name": "https://github.com/AndyRixon/LayerBB/compare/1.1.3...1.1.4",
"refsource": "MISC",
"url": "https://github.com/AndyRixon/LayerBB/compare/1.1.3...1.1.4"
},
{
"name": "http://packetstormsecurity.com/files/154549/LayerBB-1.1.3-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154549/LayerBB-1.1.3-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16531",
"datePublished": "2019-09-20T00:47:00.000Z",
"dateReserved": "2019-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:17:39.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13974 (GCVE-0-2019-13974)
Vulnerability from nvd – Published: 2019-07-19 06:08 – Updated: 2024-08-05 00:05
VLAI
Summary
LayerBB 1.1.3 allows conversations.php/cmd/new CSRF.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%B… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:44.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LayerBB 1.1.3 allows conversations.php/cmd/new CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-19T06:08:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LayerBB 1.1.3 allows conversations.php/cmd/new CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/",
"refsource": "MISC",
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13974",
"datePublished": "2019-07-19T06:08:13.000Z",
"dateReserved": "2019-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:05:44.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13973 (GCVE-0-2019-13973)
Vulnerability from nvd – Published: 2019-07-19 06:08 – Updated: 2024-08-05 00:05
VLAI
Summary
LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%B… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:44.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-19T06:08:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/",
"refsource": "MISC",
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13973",
"datePublished": "2019-07-19T06:08:05.000Z",
"dateReserved": "2019-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:05:44.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13972 (GCVE-0-2019-13972)
Vulnerability from nvd – Published: 2019-07-19 06:07 – Updated: 2024-08-05 00:05
VLAI
Summary
LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%B… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:44.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-19T06:07:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/",
"refsource": "MISC",
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13972",
"datePublished": "2019-07-19T06:07:55.000Z",
"dateReserved": "2019-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:05:44.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17997 (GCVE-0-2018-17997)
Vulnerability from nvd – Published: 2019-03-17 19:02 – Updated: 2024-08-05 11:01
VLAI
Summary
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/151015/Layer… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/46079/ | exploitx_refsource_EXPLOIT-DB |
| https://github.com/AndyRixon/LayerBB/commits/master | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html"
},
{
"name": "46079",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46079/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/AndyRixon/LayerBB/commits/master"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LayerBB 1.1.1 allows XSS via the titles of conversations (PMs)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T19:02:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html"
},
{
"name": "46079",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46079/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AndyRixon/LayerBB/commits/master"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LayerBB 1.1.1 allows XSS via the titles of conversations (PMs)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html"
},
{
"name": "46079",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46079/"
},
{
"name": "https://github.com/AndyRixon/LayerBB/commits/master",
"refsource": "CONFIRM",
"url": "https://github.com/AndyRixon/LayerBB/commits/master"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17997",
"datePublished": "2019-03-17T19:02:22.000Z",
"dateReserved": "2018-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17996 (GCVE-0-2018-17996)
Vulnerability from nvd – Published: 2019-03-17 18:56 – Updated: 2024-08-05 11:01
VLAI
Summary
LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/151694/Layer… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/46379/ | exploitx_refsource_EXPLOIT-DB |
| https://github.com/AndyRixon/LayerBB/issues/38 | x_refsource_MISC |
| https://github.com/AndyRixon/LayerBB/commits/master | x_refsource_MISC |
Date Public
2019-01-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151694/LayerBB-1.1.2-Cross-Site-Request-Forgery.html"
},
{
"name": "46379",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46379/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/AndyRixon/LayerBB/issues/38"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/AndyRixon/LayerBB/commits/master"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-18T18:46:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151694/LayerBB-1.1.2-Cross-Site-Request-Forgery.html"
},
{
"name": "46379",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46379/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AndyRixon/LayerBB/issues/38"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AndyRixon/LayerBB/commits/master"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151694/LayerBB-1.1.2-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151694/LayerBB-1.1.2-Cross-Site-Request-Forgery.html"
},
{
"name": "46379",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46379/"
},
{
"name": "https://github.com/AndyRixon/LayerBB/issues/38",
"refsource": "MISC",
"url": "https://github.com/AndyRixon/LayerBB/issues/38"
},
{
"name": "https://github.com/AndyRixon/LayerBB/commits/master",
"refsource": "MISC",
"url": "https://github.com/AndyRixon/LayerBB/commits/master"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17996",
"datePublished": "2019-03-17T18:56:56.000Z",
"dateReserved": "2018-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17988 (GCVE-0-2018-17988)
Vulnerability from nvd – Published: 2019-03-07 22:00 – Updated: 2024-08-05 11:01
VLAI
Summary
LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45530/ | exploitx_refsource_EXPLOIT-DB |
| https://github.com/AndyRixon/LayerBB/issues/51 | x_refsource_MISC |
Date Public
2018-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45530",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45530/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/AndyRixon/LayerBB/issues/51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-20T20:06:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45530",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45530/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AndyRixon/LayerBB/issues/51"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45530",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45530/"
},
{
"name": "https://github.com/AndyRixon/LayerBB/issues/51",
"refsource": "MISC",
"url": "https://github.com/AndyRixon/LayerBB/issues/51"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17988",
"datePublished": "2019-03-07T22:00:00.000Z",
"dateReserved": "2018-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47954 (GCVE-0-2021-47954)
Vulnerability from cvelistv5 – Published: 2026-05-16 15:26 – Updated: 2026-05-18 18:48
VLAI
Title
LayerBB 1.1.4 SQL Injection via search_query Parameter
Summary
LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can send POST requests to /search.php with malicious search_query values using CASE WHEN statements to extract sensitive database information.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49593 | exploit |
| https://www.vulncheck.com/advisories/layerbb-sql-… | third-party-advisory |
Date Public
2021-02-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47954",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T18:47:23.223796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T18:48:00.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LayerBB",
"vendor": "LayerBB",
"versions": [
{
"status": "affected",
"version": "1.1.4"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.1.4:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.1.3:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.0.4:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.0.5:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.0.6:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:layerbb:layerbb:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "G\u00f6rkem Ha\u015fin"
}
],
"datePublic": "2021-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can send POST requests to /search.php with malicious search_query values using CASE WHEN statements to extract sensitive database information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T15:26:06.961Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49593",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49593"
},
{
"name": "VulnCheck Advisory: LayerBB 1.1.4 SQL Injection via search_query Parameter",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/layerbb-sql-injection-via-search-query-parameter"
}
],
"title": "LayerBB 1.1.4 SQL Injection via search_query Parameter",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47954",
"datePublished": "2026-05-16T15:26:06.961Z",
"dateReserved": "2026-02-01T11:24:18.720Z",
"dateUpdated": "2026-05-18T18:48:00.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-16531 (GCVE-0-2019-16531)
Vulnerability from cvelistv5 – Published: 2019-09-20 00:47 – Updated: 2024-08-05 01:17
VLAI
Summary
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/AndyRixon/LayerBB/pull/40 | x_refsource_MISC |
| https://github.com/0xB9/LayerBB-1.1.3-CSRF/blob/m… | x_refsource_MISC |
| https://github.com/AndyRixon/LayerBB/compare/1.1.… | x_refsource_MISC |
| http://packetstormsecurity.com/files/154549/Layer… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:17:39.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/AndyRixon/LayerBB/pull/40"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/0xB9/LayerBB-1.1.3-CSRF/blob/master/README.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/AndyRixon/LayerBB/compare/1.1.3...1.1.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154549/LayerBB-1.1.3-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T16:06:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AndyRixon/LayerBB/pull/40"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/0xB9/LayerBB-1.1.3-CSRF/blob/master/README.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AndyRixon/LayerBB/compare/1.1.3...1.1.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154549/LayerBB-1.1.3-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/AndyRixon/LayerBB/pull/40",
"refsource": "MISC",
"url": "https://github.com/AndyRixon/LayerBB/pull/40"
},
{
"name": "https://github.com/0xB9/LayerBB-1.1.3-CSRF/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/0xB9/LayerBB-1.1.3-CSRF/blob/master/README.md"
},
{
"name": "https://github.com/AndyRixon/LayerBB/compare/1.1.3...1.1.4",
"refsource": "MISC",
"url": "https://github.com/AndyRixon/LayerBB/compare/1.1.3...1.1.4"
},
{
"name": "http://packetstormsecurity.com/files/154549/LayerBB-1.1.3-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154549/LayerBB-1.1.3-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16531",
"datePublished": "2019-09-20T00:47:00.000Z",
"dateReserved": "2019-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:17:39.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13974 (GCVE-0-2019-13974)
Vulnerability from cvelistv5 – Published: 2019-07-19 06:08 – Updated: 2024-08-05 00:05
VLAI
Summary
LayerBB 1.1.3 allows conversations.php/cmd/new CSRF.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%B… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:44.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LayerBB 1.1.3 allows conversations.php/cmd/new CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-19T06:08:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LayerBB 1.1.3 allows conversations.php/cmd/new CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/",
"refsource": "MISC",
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13974",
"datePublished": "2019-07-19T06:08:13.000Z",
"dateReserved": "2019-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:05:44.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13973 (GCVE-0-2019-13973)
Vulnerability from cvelistv5 – Published: 2019-07-19 06:08 – Updated: 2024-08-05 00:05
VLAI
Summary
LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%B… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:44.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-19T06:08:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/",
"refsource": "MISC",
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13973",
"datePublished": "2019-07-19T06:08:05.000Z",
"dateReserved": "2019-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:05:44.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13972 (GCVE-0-2019-13972)
Vulnerability from cvelistv5 – Published: 2019-07-19 06:07 – Updated: 2024-08-05 00:05
VLAI
Summary
LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%B… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:44.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-19T06:07:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/",
"refsource": "MISC",
"url": "http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13972",
"datePublished": "2019-07-19T06:07:55.000Z",
"dateReserved": "2019-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:05:44.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17997 (GCVE-0-2018-17997)
Vulnerability from cvelistv5 – Published: 2019-03-17 19:02 – Updated: 2024-08-05 11:01
VLAI
Summary
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/151015/Layer… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/46079/ | exploitx_refsource_EXPLOIT-DB |
| https://github.com/AndyRixon/LayerBB/commits/master | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html"
},
{
"name": "46079",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46079/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/AndyRixon/LayerBB/commits/master"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LayerBB 1.1.1 allows XSS via the titles of conversations (PMs)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T19:02:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html"
},
{
"name": "46079",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46079/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AndyRixon/LayerBB/commits/master"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LayerBB 1.1.1 allows XSS via the titles of conversations (PMs)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html"
},
{
"name": "46079",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46079/"
},
{
"name": "https://github.com/AndyRixon/LayerBB/commits/master",
"refsource": "CONFIRM",
"url": "https://github.com/AndyRixon/LayerBB/commits/master"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17997",
"datePublished": "2019-03-17T19:02:22.000Z",
"dateReserved": "2018-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17996 (GCVE-0-2018-17996)
Vulnerability from cvelistv5 – Published: 2019-03-17 18:56 – Updated: 2024-08-05 11:01
VLAI
Summary
LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/151694/Layer… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/46379/ | exploitx_refsource_EXPLOIT-DB |
| https://github.com/AndyRixon/LayerBB/issues/38 | x_refsource_MISC |
| https://github.com/AndyRixon/LayerBB/commits/master | x_refsource_MISC |
Date Public
2019-01-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151694/LayerBB-1.1.2-Cross-Site-Request-Forgery.html"
},
{
"name": "46379",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46379/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/AndyRixon/LayerBB/issues/38"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/AndyRixon/LayerBB/commits/master"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-18T18:46:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151694/LayerBB-1.1.2-Cross-Site-Request-Forgery.html"
},
{
"name": "46379",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46379/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AndyRixon/LayerBB/issues/38"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AndyRixon/LayerBB/commits/master"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151694/LayerBB-1.1.2-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151694/LayerBB-1.1.2-Cross-Site-Request-Forgery.html"
},
{
"name": "46379",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46379/"
},
{
"name": "https://github.com/AndyRixon/LayerBB/issues/38",
"refsource": "MISC",
"url": "https://github.com/AndyRixon/LayerBB/issues/38"
},
{
"name": "https://github.com/AndyRixon/LayerBB/commits/master",
"refsource": "MISC",
"url": "https://github.com/AndyRixon/LayerBB/commits/master"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17996",
"datePublished": "2019-03-17T18:56:56.000Z",
"dateReserved": "2018-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17988 (GCVE-0-2018-17988)
Vulnerability from cvelistv5 – Published: 2019-03-07 22:00 – Updated: 2024-08-05 11:01
VLAI
Summary
LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45530/ | exploitx_refsource_EXPLOIT-DB |
| https://github.com/AndyRixon/LayerBB/issues/51 | x_refsource_MISC |
Date Public
2018-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45530",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45530/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/AndyRixon/LayerBB/issues/51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-20T20:06:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45530",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45530/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AndyRixon/LayerBB/issues/51"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45530",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45530/"
},
{
"name": "https://github.com/AndyRixon/LayerBB/issues/51",
"refsource": "MISC",
"url": "https://github.com/AndyRixon/LayerBB/issues/51"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17988",
"datePublished": "2019-03-07T22:00:00.000Z",
"dateReserved": "2018-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}