CVE-2018-17996

Sažetak

LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.

Reference

http://packetstormsecurity.com/files/151694/LayerBB-1.1.2-Cross-Site-Request-Forgery.html
https://github.com/AndyRixon/LayerBB/commits/master
https://github.com/AndyRixon/LayerBB/issues/38
https://www.exploit-db.com/exploits/46379/

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

22-03-2019 - 14:04

Objavljeno

21-03-2019 - 16:00