Arbitrary File Upload Vulnerability in LayerBB 1.1.3 by TopSec
CVE-2019-13973

9.8 CRITICAL

Key Information:

Vendor: Layerbb

Status
Vendor
CVE Published: 19 July 2019

What is CVE-2019-13973?

LayerBB version 1.1.3 contains a flaw that allows for arbitrary file uploads through the admin/general.php interface. The vulnerability arises from inadequate filename validation, which permits the use of the '.php' extension when uploading a custom logo. This could enable an attacker to upload and execute malicious PHP code on the server, leading to severe security breaches. Proper sanitization and restrictions on file types are necessary to mitigate this issue.
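The filename and file-type restrictions called for above, sketched as an added example; this is not LayerBB's code or its vendor's fix. The function names `safe_logo_name` and `store_logo`, the allow-list and the storage naming scheme are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from LayerBB.

// MIME type detected from the file's content => extension the server assigns.
const LOGO_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Returns a server-chosen file name for an acceptable logo, or null to reject.
 * $tmpPath is the uploaded temp file; $clientName is the browser-supplied name (untrusted).
 */
function safe_logo_name(string $tmpPath, string $clientName): ?string
{
    // 1. Allow-list on the final extension: rejects logo.php, logo.png.php, logo.phtml.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ['png', 'jpg', 'jpeg', 'gif'], true)) {
        return null;
    }

    // 2. Content check: the bytes must parse as an image of an allowed type.
    $info = @getimagesize($tmpPath);
    if ($info === false || !isset(LOGO_TYPES[$info['mime']])) {
        return null;
    }

    // 3. Never reuse the client's name; the stored extension comes from the content.
    return 'logo_' . bin2hex(random_bytes(8)) . '.' . LOGO_TYPES[$info['mime']];
}

/** Validates one $_FILES entry and moves it into $destDir; returns the stored name or null. */
function store_logo(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $name = safe_logo_name($file['tmp_name'], $file['name']);
    if ($name === null) {
        return null;
    }
    $dest = rtrim($destDir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $dest) ? $name : null;
}
```

Because an image file can still carry embedded PHP text, the upload directory should also be configured so the web server never passes its contents to the PHP interpreter.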

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved