Security Advisory

CVE-2007-1725

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2007-03-28 10:00:00

Last updated 2024-08-07 13:06:26

Assigner mitre

State PUBLISHED

Description

SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges.

← Browse all CVEs View on cve.org ↗