Users of IceBB please be advised of an Information disclosure vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
HTB22687: Information disclosure in IceBB
Product: IceBB
Vulnerability Type: Information Disclosure
Vulnerability Details:
The vulnerability exists due to failure in the "/index.php" and "/admin/index.php" scripts to properly sanitize
user-supplied input in "s" variable, it's possible to generate an sql query error that will reveal the database tables
prefix.
Read more at www.criticalwatch.com
See this Amp at http://bit.ly/ah6NIA
No comments:
Post a Comment