Vulnerabilities > Icebb
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-03 | CVE-2008-4431 | SQL Injection vulnerability in Icebb SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to execute arbitrary SQL commands via the skin parameter, probably related to an incorrect protection mechanism in the clean_string function in includes/functions.php. | 7.5 |
| 2008-07-31 | CVE-2008-3416 | SQL Injection vulnerability in Icebb 1.0 SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php. | 7.5 |
| 2007-11-22 | CVE-2007-6083 | SQL Injection vulnerability in Icebb 1.0Rc6 SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. | 7.5 |
| 2007-03-28 | CVE-2007-1726 | Remote PHP Code Execution vulnerability in Icebb 1.0Rc5 Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/. | 6.5 |
| 2007-03-28 | CVE-2007-1725 | SQL Injection vulnerability in Icebb 1.0Rc5 SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges. | 9.3 |