CVE-2005-2817
First published: Wed Sep 07 2005(Updated: )
Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Simple Machines Forum | =1.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-2817?
CVE-2005-2817 is considered a medium severity vulnerability due to the potential exposure of sensitive user information.
How do I fix CVE-2005-2817?
To fix CVE-2005-2817, update Simple Machines Forum to version 1.0.6 or later, which eliminates the vulnerability.
What impact does CVE-2005-2817 have on users?
CVE-2005-2817 allows remote attackers to potentially monitor visitors' IP addresses and user agents, compromising user privacy.
Which versions of Simple Machines Forum are affected by CVE-2005-2817?
CVE-2005-2817 affects Simple Machines Forum versions 1.0.5 and earlier.
Can CVE-2005-2817 be exploited remotely?
Yes, CVE-2005-2817 can be exploited remotely by attackers through the use of malicious URLs for avatar images.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/simple machines
- canonical/simple machines forum
- version/simple machines forum/1.0.5