# Exploit Title: LayerBB 1.1.2 - Cross-Site Request Forgery # Date: 10/4/2018 # Author: 0xB9 # Twitter: @0xB9Sec # Contact: 0xB9[at]pm.me # Software Link: https://forum.layerbb.com # Version: 1.1.2 # Tested on: Ubuntu 18.04 # CVE: CVE-2018-17996 1. Description: LayerBB is a free open-source forum software, the CSRF allows creating a admin user. 2. Proof of Concept:



3. Solution: Update to 1.1.3