ID CVE-2005-2817 Type cve Reporter cve@mitre.org Modified 2017-07-11T01:33:00
Description
Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.
{"id": "CVE-2005-2817", "bulletinFamily": "NVD", "title": "CVE-2005-2817", "description": "Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.", "published": "2005-09-07T19:07:00", "modified": "2017-07-11T01:33:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2817", "reporter": "cve@mitre.org", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/22093", "http://securitytracker.com/id?1014828", "http://secunia.com/advisories/16646", "http://rgod.altervista.org/smf105.html", "http://seclists.org/lists/bugtraq/2005/Aug/0438.html"], "cvelist": ["CVE-2005-2817"], "type": "cve", "lastseen": "2020-10-03T11:34:55", "edition": 3, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:19120"]}, {"type": "nessus", "idList": ["SMF_AVATAR_CODE_INJECTION.NASL"]}], "modified": "2020-10-03T11:34:55", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2020-10-03T11:34:55", "rev": 2}, "vulnersScore": 5.1}, "cpe": ["cpe:/a:simple_machines:simple_machines_forum:1.0.5"], "affectedSoftware": [{"cpeName": "simple_machines:simple_machines_forum", "name": "simple machines simple machines forum", "operator": "eq", "version": "1.0.5"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:simple_machines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"osvdb": [{"lastseen": "2017-04-28T13:20:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-2817"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.simplemachines.org/\nSecurity Tracker: 1014828\n[Secunia Advisory ID:16646](https://secuniaresearch.flexerasoftware.com/advisories/16646/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0440.html\nISS X-Force ID: 22093\n[CVE-2005-2817](https://vulners.com/cve/CVE-2005-2817)\n", "modified": "2005-08-31T10:35:31", "published": "2005-08-31T10:35:31", "href": "https://vulners.com/osvdb/OSVDB:19120", "id": "OSVDB:19120", "title": "Simple Machines Forum (SMF) Offsite Avatar Information Disclosure", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-01T05:48:30", "description": "The remote host is running Simple Machines Forum (SMF), an open source\nweb forum application written in PHP.\n\nThe installed version of SMF on the remote host does not properly\nsanitize the URI supplied for the user avatar. An attacker who is\nregistered in the affected application can exploit this flaw to run\nscripts each time a forum user accesses the malicious avatar, eg\ncollecting forum usage information, launching attacks against users'\nsystems, etc.", "edition": 25, "published": "2005-08-31T00:00:00", "title": "Simple Machines Forum Avatar Information Disclosure Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2817"], "modified": "2021-01-02T00:00:00", "cpe": [], "id": "SMF_AVATAR_CODE_INJECTION.NASL", "href": "https://www.tenable.com/plugins/nessus/19550", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19550);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/15 20:50:18\");\n\n script_cve_id(\"CVE-2005-2817\");\n script_bugtraq_id(14706);\n\n script_name(english:\"Simple Machines Forum Avatar Information Disclosure Vulnerability\");\n script_summary(english:\"Checks for avatar code execution vulnerability in Simple Machines Forum\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that allows for the\ndisclosure of information.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Simple Machines Forum (SMF), an open source\nweb forum application written in PHP.\n\nThe installed version of SMF on the remote host does not properly\nsanitize the URI supplied for the user avatar. An attacker who is\nregistered in the affected application can exploit this flaw to run\nscripts each time a forum user accesses the malicious avatar, eg\ncollecting forum usage information, launching attacks against users'\nsystems, etc.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://retrogod.altervista.org/smf105.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2005/Aug/438\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smf_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80);\n\ninstall = get_install_from_kb(appname:'simple_machines_forum', port:port, exit_on_fail:TRUE);\n\nurl = install['dir'] + '/';\n\nversion = install['ver'];\nver = split(sep:'.', ver);\n\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 1 && ver[1] == 0 && ver[2] <= 5)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + url +\n '\\n Version : ' + version + '\\n';\n security_note(port:port, extra:report);\n }\n else security_note(port);\n exit(0);\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}]}
