Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2817


Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2817
Last Modified 05 Sep 2008 04:52:46
Published 07 Sep 2005 03:07:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.

Vulnerable Systems


  • Simple Machines Forum 1.0.5


XF - smf-avatar-image-information-disclosure(22093)

SECTRACK - 1014828

SECUNIA - 16646

BUGTRAQ - 20050831 Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure


Last Updated: 27 May 2016 10:40:39