CVE-2007-1725

SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/34497
http://secunia.com/advisories/24644	Vendor Advisory
http://www.securityfocus.com/bid/23158
http://www.vupen.com/english/advisories/2007/1116
https://exchange.xforce.ibmcloud.com/vulnerabilities/33240
https://www.exploit-db.com/exploits/3580
https://www.exploit-db.com/exploits/3581

Configurations

Configuration 1 (hide)

cpe:2.3:a:icebb:icebb:1.0_rc_5:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-03-28 10:19

Updated : 2024-02-28 11:01

NVD link : CVE-2007-1725

Mitre link : CVE-2007-1725

CVE.ORG link : CVE-2007-1725

JSON object : View

Products Affected

icebb

icebb

CWE

NVD-CWE-Other

{"id": "CVE-2007-1725", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-03-28T10:19:00.000", "references": [{"url": "http://osvdb.org/34497", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24644", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23158", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1116", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33240", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/3580", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/3581", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en index.php en IceBB 1.0-rc5 permite a usuarios remotos autenticados ejecutar comandos SQL de su elecci\u00f3n mediante el nombre de fichero de un fichero promocionado a la funci\u00f3n avatar, como se demuestra otorgando privilegios de administraci\u00f3n."}], "lastModified": "2017-10-19T01:30:08.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:icebb:icebb:1.0_rc_5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5C85C26-3A5A-43C3-B636-AE2133ED0CBA"}], "operator": "OR"}]}], "evaluatorImpact": "Successful exploitation allows an attacker to gain administrator privileges, but requires that \"magic_quotes_gpc\" is disabled.", "sourceIdentifier": "cve@mitre.org"}