CVE-2008-4431

SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to execute arbitrary SQL commands via the skin parameter, probably related to an incorrect protection mechanism in the clean_string function in includes/functions.php.

Link	Resource
http://secunia.com/advisories/31439	Vendor Advisory
http://forums.xaos-ia.com/?topic=765
http://www.securityfocus.com/bid/30656
https://exchange.xforce.ibmcloud.com/vulnerabilities/44403

Configuration 1

cpe:2.3:a:icebb:icebb:0.9.2:*:*:*:*:*:*:* cpe:2.3:a:icebb:icebb:1.0:rc8:*:*:*:*:*:* cpe:2.3:a:icebb:icebb:1.0:rc9.1:*:*:*:*:*:* cpe:2.3:a:icebb:icebb:0.9:rc1:*:*:*:*:*:* cpe:2.3:a:icebb:icebb:0.9.2.1:*:*:*:*:*:*:* cpe:2.3:a:icebb:icebb:1.0:rc6:*:*:*:*:*:* cpe:2.3:a:icebb:icebb:*:rc9.3:*:*:*:*:*:* cpe:2.3:a:icebb:icebb:0.9.3.1:*:*:*:*:*:*:* cpe:2.3:a:icebb:icebb:1.0:rc7:*:*:*:*:*:* cpe:2.3:a:icebb:icebb:0.9.3:*:*:*:*:*:*:* cpe:2.3:a:icebb:icebb:0.9.1:*:*:*:*:*:*:* cpe:2.3:a:icebb:icebb:1.0:rc9.2:*:*:*:*:*:* cpe:2.3:a:icebb:icebb:1.0:rc9:*:*:*:*:*:* cpe:2.3:a:icebb:icebb:1.0:rc5.1:*:*:*:*:*:* cpe:2.3:a:icebb:icebb:1.0:rc5:*:*:*:*:*:*

---

Published : 2008-10-03 10:22

Updated : 2017-08-08 01:32

---

NVD link : CVE-2008-4431

Mitre link : CVE-2008-4431

No products.

CWE-89