CVE-2007-1725

Name of the Vulnerable Software and Affected Versions: IceBB versions 1.0-rc5

Description: The issue allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function. This can be achieved by setting admin privileges, demonstrating the potential for significant unauthorized access and control.

Recommendations: For IceBB version 1.0-rc5, consider restricting access to the avatar upload function until a fix is available, and avoid using the filename parameter in the upload process to minimize the risk of exploitation.