Cross-Site Request Forgery Vulnerability in LayerBB by Open Source Community
CVE-2019-13974

8.8HIGH

Key Information:

Vendor: Layerbb
Status: Layerbb
Vendor: CVE Published:; 19 July 2019

What is CVE-2019-13974?

LayerBB version 1.1.3 is susceptible to a Cross-Site Request Forgery (CSRF) attack via the conversations.php/cmd/new endpoint. This vulnerability allows an attacker to execute unauthorized actions on behalf of a logged-in user without their consent. Proper validation and anti-CSRF measures are recommended to safeguard against such attacks, ensuring user sessions are protected from being exploited.

References

http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2019
Vulnerability Reserved
Jul 19, 2019

CVE-2019-13974 Data

JSON

Layerbb

What is CVE-2019-13974?

References

CVSS V3.1

Timeline