IceBB Avatar Upload Remote PHP Code Execution Vulnerability

IceBB Avatar Upload Remote PHP Code Execution Vulnerability

IceBB is prone to an arbitrary PHP code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary malicious PHP code by uploading malicious PHP files. This may help the attacker compromise the application and the underlying system; other attacks are also possible.

Version 1.0-rc5 is vulnerable to this issue; other versions may also be affected.