CVE-2008-3416

Name of the Vulnerable Software and Affected Versions IceBB versions prior to 1.0-rc9.3

Description The issue allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to "index.php". This is related to an incorrect protection mechanism in the clean string function in "includes/functions.php".

Recommendations For versions prior to 1.0-rc9.3, update to version 1.0-rc9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "members" action in "index.php" to minimize the risk of exploitation. Avoid using the username parameter in the affected module until the issue is resolved.