Vulnerabilities > CVE-2005-2817 - Unspecified vulnerability in Simple Machines Simple Machines Forum 1.0.5
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN simple-machines
nessus
Summary
Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | CGI abuses |
NASL id | SMF_AVATAR_CODE_INJECTION.NASL |
description | The remote host is running Simple Machines Forum (SMF), an open source web forum application written in PHP. The installed version of SMF on the remote host does not properly sanitize the URI supplied for the user avatar. An attacker who is registered in the affected application can exploit this flaw to run scripts each time a forum user accesses the malicious avatar, eg collecting forum usage information, launching attacks against users |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19550 |
published | 2005-08-31 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19550 |
title | Simple Machines Forum Avatar Information Disclosure Vulnerability |
code |
|
References
- http://rgod.altervista.org/smf105.html
- http://rgod.altervista.org/smf105.html
- http://seclists.org/lists/bugtraq/2005/Aug/0438.html
- http://seclists.org/lists/bugtraq/2005/Aug/0438.html
- http://secunia.com/advisories/16646
- http://secunia.com/advisories/16646
- http://securitytracker.com/id?1014828
- http://securitytracker.com/id?1014828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22093
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22093