CVE-2007-1725
IceBB 1.0-rc5 contains an SQL injection via index.php where the filename of an uploaded avatar file is used in a SQL query. The vulnerability permits remote authenticated users to execute arbitrary SQL commands, demonstrated by elevating privileges to admin. The connected sources corroborate the ...