CVE-2008-4431

Name of the Vulnerable Software and Affected Versions: IceBB versions 1.0-rc9.3 and earlier

Description: The issue is related to a SQL injection vulnerability. It allows remote attackers to execute arbitrary SQL commands via the skin parameter. This is likely due to an incorrect protection mechanism in the clean string function.

Recommendations: For IceBB versions 1.0-rc9.3 and earlier, consider restricting access to the skin parameter in the index.php file until a patch is available. As a temporary workaround, review and modify the clean string function in includes/functions.php to properly protect against SQL injection attacks.