IceBB: Information Disclosure Vulnerability

Users of IceBB please be advised of an Information disclosure vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

HTB22686: Information disclosure in IceBB
Product: IceBB
Vulnerability Type: Information Disclosure
Vulnerability Details:
The vulnerability exists due to failure in the “/index.php” script to properly sanitize user-supplied input in
“icebb_login_key” variable from cookie, it’s possible to generate an sql query error that will reveal the database
tables prefix.Read more at http://www.criticalwatch.com
 

Advertisements