SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to execute arbitrary SQL commands via the skin parameter, probably related to an incorrect protection mechanism in the clean_string function in includes/functions.php. Patch Information - http://sourceforge.net/project/showfiles.php?group_id157188&package_id175626&release_id619251
Publication date: Sat, 04 Oct 2008 03:22:00 +0000