CVE-2018-17996

Name of the Vulnerable Software and Affected Versions LayerBB versions prior to 1.1.3

Description The issue allows for Cross-Site Request Forgery (CSRF) attacks, which can be used to perform unauthorized actions such as adding a user via "admin/new user.php", deleting a user via "admin/members.php/delete user/", and deleting content via "mod/delete.php/".

Recommendations For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints, such as "admin/new user.php", "admin/members.php/delete user/", and "mod/delete.php/", to minimize the risk of exploitation.