ByteOS Network

NVD Vulnerability Details :

CVE-2008-4431

Modified

Source-cve@mitre.org

Published At-03 Oct, 2008 | 22:22

Updated At-08 Aug, 2017 | 01:32

SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to execute arbitrary SQL commands via the skin parameter, probably related to an incorrect protection mechanism in the clean_string function in includes/functions.php.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

icebb>>icebb>>Versions up to 1.0(inclusive)

cpe:2.3:a:icebb:icebb:*:rc9.3:*:*:*:*:*:*

icebb>>icebb>>0.9

cpe:2.3:a:icebb:icebb:0.9:rc1:*:*:*:*:*:*

icebb>>icebb>>0.9.1

cpe:2.3:a:icebb:icebb:0.9.1:*:*:*:*:*:*:*

icebb>>icebb>>0.9.2

cpe:2.3:a:icebb:icebb:0.9.2:*:*:*:*:*:*:*

icebb>>icebb>>0.9.2.1

cpe:2.3:a:icebb:icebb:0.9.2.1:*:*:*:*:*:*:*

icebb>>icebb>>0.9.3

cpe:2.3:a:icebb:icebb:0.9.3:*:*:*:*:*:*:*

icebb>>icebb>>0.9.3.1

cpe:2.3:a:icebb:icebb:0.9.3.1:*:*:*:*:*:*:*

icebb>>icebb>>1.0

cpe:2.3:a:icebb:icebb:1.0:rc5:*:*:*:*:*:*

icebb>>icebb>>1.0

cpe:2.3:a:icebb:icebb:1.0:rc5.1:*:*:*:*:*:*

icebb>>icebb>>1.0

cpe:2.3:a:icebb:icebb:1.0:rc6:*:*:*:*:*:*

icebb>>icebb>>1.0

cpe:2.3:a:icebb:icebb:1.0:rc7:*:*:*:*:*:*

icebb>>icebb>>1.0

cpe:2.3:a:icebb:icebb:1.0:rc8:*:*:*:*:*:*

icebb>>icebb>>1.0

cpe:2.3:a:icebb:icebb:1.0:rc9:*:*:*:*:*:*

icebb>>icebb>>1.0

cpe:2.3:a:icebb:icebb:1.0:rc9.1:*:*:*:*:*:*

icebb>>icebb>>1.0

cpe:2.3:a:icebb:icebb:1.0:rc9.2:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-89	Primary	nvd@nist.gov

CWE ID: CWE-89

Type: Primary

Source: nvd@nist.gov

Evaluator Solution

Patch Information - http://sourceforge.net/project/showfiles.php?group_id=157188&package_id=175626&release_id=619251

References

Hyperlink	Source	Resource
http://forums.xaos-ia.com/?topic=765	cve@mitre.org	N/A
http://secunia.com/advisories/31439	cve@mitre.org	Vendor Advisory
http://www.securityfocus.com/bid/30656	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/44403	cve@mitre.org	N/A