PT-2019-13502 · Layerbb · Layerbb
Published: 2019-07-19 · Updated: 2019-07-19
CVE-2019-13973
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LayerBB version 1.1.3
Description
The admin/general.php file allows arbitrary file upload because the custom logo filename suffix is not restricted, so a file with a .php suffix can be uploaded.
Recommendations
For LayerBB version 1.1.3, restrict the custom logo filename suffix to prevent the use of .php extensions as a temporary workaround, and update to a newer version that addresses this issue once available.
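One way to apply the suffix restriction described above, shown as an added example and not LayerBB's own code. The function name `store_custom_logo`, the `LOGO_ALLOWED` list and the destination directory are assumptions made for illustration.

```php
<?php
// Added illustration; not taken from LayerBB. All names here are hypothetical.

// Allowlist of logo suffixes and the MIME type each one must carry.
const LOGO_ALLOWED = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
];

/**
 * Validate one $_FILES entry as a logo and move it into $destDir.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_custom_logo(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }

    // Take only the final suffix of the client-supplied name, lowercased,
    // and check it against the allowlist (.php, .phtml, .PHP are all refused).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(LOGO_ALLOWED[$ext])) {
        throw new RuntimeException('Logo suffix not allowed');
    }

    // The detected content type must agree with the suffix.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== LOGO_ALLOWED[$ext]) {
        throw new RuntimeException('Logo content does not match its suffix');
    }

    // Server-generated name: no part of the client file name other than the
    // already validated suffix reaches the filesystem path.
    $stored = 'logo_' . bin2hex(random_bytes(8)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $stored)) {
        throw new RuntimeException('Could not store logo');
    }
    return $stored;
}
```

Configuring the web server so that the upload directory never executes scripts adds a second layer if a check like this is bypassed or removed.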
Exploit
Fix
Unrestricted File Upload
Affected Products
Layerbb