PT-2005-3694 · Simple Machines · Simple Machines Forum

Retrogod

Published

2005-09-07

Updated

2017-07-11

CVE-2005-2817

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Simple Machines Forum (SMF) versions 1.0.5 and earlier

Description The issue allows remote attackers to monitor sensitive information of forum visitors, such as IP address and user agent, by using URLs for avatar images. This can be achieved through a PHP script on a malicious server.

Recommendations For Simple Machines Forum (SMF) versions 1.0.5 and earlier, consider disabling the use of URLs for avatar images until a fix is available. Restrict access to sensitive user information to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2817

Affected Products

Simple Machines Forum

PT-2005-3694 · Simple Machines · Simple Machines Forum

CVE-2005-2817

Related Identifiers

Affected Products

References · 6