Vendor: IceBB
By: Hessam-x
CVSS: 7.5 (HIGH)
Remote Code Execution
CWE: Unknown
Product Name: IceBB
Affected Version From: IceBB version 1.0-rc5
Affected Version To: IceBB version 1.0-rc5
Patch Exists: No
Related CWE:
CPE:
Platforms Tested: Unknown
IceBB 1.0-rc5 Remote Create Admin Exploit
This exploit allows an attacker to create an admin account in IceBB version 1.0-rc5. The attacker needs to register a user and then run the exploit, supplying the host, username, and password. Once it succeeds, the attacker can log in with admin access. The vulnerability depends on the magic_quotes_gpc setting being turned off.
Mitigation:
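Enable the magic_quotes_gpc setting to prevent this exploit. Note that magic_quotes_gpc was deprecated in PHP 5.3.0 and removed in PHP 5.4.0, so the setting is only available on older PHP versions.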