IceBB: Information Disclosure Vulnerability

Users of IceBB please be advised of an Information disclosure vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

HTB22687: Information disclosure in IceBB
Product: IceBB
Vulnerability Type: Information Disclosure
Vulnerability Details:
The vulnerability exists due to failure in the “/index.php” and “/admin/index.php” scripts to properly sanitize
user-supplied input in “s” variable, it’s possible to generate an sql query error that will reveal the database tables
prefix.
Read more at http://www.criticalwatch.com
 

Advertisements