CVE-2007-1726

Name of the Vulnerable Software and Affected Versions: IceBB versions 1.0-rc5

Description: The issue concerns an unrestricted file upload vulnerability. This vulnerability allows remote authenticated users to upload arbitrary files via the avatar function in index.php. These uploaded files can later be accessed in the uploads/ directory.

Recommendations: For IceBB version 1.0-rc5, consider restricting the types of files that can be uploaded through the avatar function to prevent the upload of malicious files. As a temporary workaround, restrict access to the uploads/ directory to minimize the risk of exploitation.