CVE-2005-2817

Sažetak

Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.

Reference

http://rgod.altervista.org/smf105.html
http://seclists.org/lists/bugtraq/2005/Aug/0438.html
http://secunia.com/advisories/16646
http://securitytracker.com/id?1014828
https://exchange.xforce.ibmcloud.com/vulnerabilities/22093

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:33

Objavljeno

07-09-2005 - 19:07