Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3416 | 1 Icebb | 1 Icebb | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php. | |||||
| CVE-2008-4431 | 1 Icebb | 1 Icebb | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to execute arbitrary SQL commands via the skin parameter, probably related to an incorrect protection mechanism in the clean_string function in includes/functions.php. | |||||
| CVE-2007-1726 | 1 Icebb | 1 Icebb | 2024-02-04 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/. | |||||
| CVE-2007-1725 | 1 Icebb | 1 Icebb | 2024-02-04 | 9.3 HIGH | N/A |
| SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges. | |||||
| CVE-2007-6083 | 1 Icebb | 1 Icebb | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. | |||||