IceBB 'index.php' SQL Injection Vulnerability
BID:30656
Info
| Bugtraq ID: | 30656 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-4431 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 11 2008 12:00AM |
| Updated: | May 07 2015 05:25PM |
| Credit: | Matt |
| Vulnerable: | IceBB IceBB 1.0-rc9.3, IceBB IceBB 1.0-rc9.2, IceBB IceBB 1.0-rc9.1, IceBB IceBB 1.0-rc6, IceBB IceBB 1.0-rc5 |
| Not Vulnerable: | IceBB IceBB 1.0-rc10 |
Discussion
IceBB is prone to an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions prior to IceBB 1.0-rc10 are affected.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
The vendor released IceBB 1.0-rc10 to address this issue. Please see the references for more information.
References
References:
- Security Update [08/11/08], Should be the last one for a while (MutantMonkey)
- Vendor Homepage (IceBB)