CVE-2007-1725 - SQL Injection vulnerability in IceBB 1.0-rc5
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |

Summary
SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges. Successful exploitation allows an attacker to gain administrator privileges, but requires that "magic_quotes_gpc" is disabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
Field | Value |
---|---|
description | IceBB 1.0-rc5 Remote Code Execution Exploit. CVE-2007-1725,CVE-2007-1726. Webapps exploit for php platform |
file | exploits/php/webapps/3581.pl |
id | EDB-ID:3581 |
last seen | 2016-01-31 |
modified | 2007-03-26 |
platform | php |
port | |
published | 2007-03-26 |
reporter | Hessam-x |
source | https://www.exploit-db.com/download/3581/ |
title | IceBB 1.0-rc5 - Remote Code Execution Exploit |
type | webapps |

Field | Value |
---|---|
description | IceBB 1.0-rc5 Remote Create Admin Exploit. CVE-2007-1725. Webapps exploit for php platform |
file | exploits/php/webapps/3580.pl |
id | EDB-ID:3580 |
last seen | 2016-01-31 |
modified | 2007-03-26 |
platform | php |
port | |
published | 2007-03-26 |
reporter | Hessam-x |
source | https://www.exploit-db.com/download/3580/ |
title | IceBB 1.0-rc5 - Remote Create Admin Exploit |
type | webapps |