CVE-2019-13973 Information
Feb 14, 2021
cve
Description
LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted and .php may be used.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://blog.topsec.com.cn/E5A4A9E89E8DE4BFA1E585B3E4BA8Elayerbb-1-1-3-xssE6BC8FE6B49EE58886E69E90/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: