Lucene search

[email protected]CVE-2005-2817

HistorySep 07, 2005 - 7:07 p.m.

CVE-2005-2817

2005-09-0719:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

smf

simple machines forum

cve-2005-2817

remote monitoring

avatar url

php

security vulnerability

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.3%

JSON

Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.

CPENameOperatorVersion
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.0.5

CPE	Name	Operator	Version
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.0.5

References

rgod.altervista.org/smf105.html

seclists.org/lists/bugtraq/2005/Aug/0438.html

secunia.com/advisories/16646

securitytracker.com/id?1014828

exchange.xforce.ibmcloud.com/vulnerabilities/22093

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.3%

JSON

Related for CVE-2005-2817

cvelist1 nessus1