CVE-2005-2817

Published: Sep 7, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.

Affected (1)

Products: Simple Machines: Simple Machines Forum

Simple Machines

1 product

Simple Machines Forum

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Simple Machines Simple Machines Forum	Version 1.0.5

References (10)

http://rgod.altervista.org/smf105.html

Source: cve@mitre.org

Exploit

http://seclists.org/lists/bugtraq/2005/Aug/0438.html

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/16646

Source: cve@mitre.org

http://securitytracker.com/id?1014828

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/22093

Source: cve@mitre.org

http://rgod.altervista.org/smf105.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://seclists.org/lists/bugtraq/2005/Aug/0438.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://secunia.com/advisories/16646

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1014828

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/22093

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.