exploitDog

CVE-2019-16531

Опубликовано: 20 сент. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.

Ссылки

http://packetstormsecurity.com/files/154549/LayerBB-1.1.3-Cross-Site-Request-Forgery.html
https://github.com/0xB9/LayerBB-1.1.3-CSRF/blob/master/README.md
Exploit
Third Party Advisory
https://github.com/AndyRixon/LayerBB/compare/1.1.3...1.1.4
Patch
Third Party Advisory
https://github.com/AndyRixon/LayerBB/pull/40
Patch
Third Party Advisory
http://packetstormsecurity.com/files/154549/LayerBB-1.1.3-Cross-Site-Request-Forgery.html
https://github.com/0xB9/LayerBB-1.1.3-CSRF/blob/master/README.md
Exploit
Third Party Advisory
https://github.com/AndyRixon/LayerBB/compare/1.1.3...1.1.4
Patch
Third Party Advisory
https://github.com/AndyRixon/LayerBB/pull/40
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:layerbb:layerbb:*:*:*:*:*:*:*:*

Версия до 1.1.4 (исключая)

EPSS

Процентиль: 51%

0.0028

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-vmr6-p4cg-ph5r

github

больше 3 лет назад

LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.

EPSS

Процентиль: 51%

0.0028

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352