CVE-2005-2817

Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.

Published: Sep 7, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2817
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
simple_machines / simple_machines_forum	1.0.5	1.0.5.x

http://rgod.altervista.org/smf105.html
http://seclists.org/lists/bugtraq/2005/Aug/0438.html
http://secunia.com/advisories/16646
http://securitytracker.com/id?1014828
https://exchange.xforce.ibmcloud.com/vulnerabilities/22093

Vulnerability Database

289,697

CVE-2005-2817