CVE-2005-2817
CVE-2005-2817 is a medium-severity vulnerability in Simple Machines Simple Machines Forum with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 2% (72nd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Simple Machines Simple Machines Forum
- Published:
- Last modified:
Description
Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.
Frequently asked questions
- What is CVE-2005-2817?
- Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.
- How severe is CVE-2005-2817?
- CVE-2005-2817 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2005-2817 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (72nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2005-2817?
- CVE-2005-2817 affects Simple Machines Simple Machines Forum. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2005-2817?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2005-2817 published?
- CVE-2005-2817 was published on 2005-09-07 and last updated on 2026-06-16.
References
- http://rgod.altervista.org/smf105.html
- http://seclists.org/lists/bugtraq/2005/Aug/0438.html
- http://secunia.com/advisories/16646
- http://securitytracker.com/id?1014828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22093
Affected products (1)
- cpe:2.3:a:simple_machines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*
More vulnerabilities in Simple Machines Simple Machines Forum
- CVE-2008-6741 — High (CVSS 7.5): SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to…
- CVE-2008-6544 — High (CVSS 7.5): Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to…
- CVE-2008-3073 — High (CVSS 7.5): Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact…
- CVE-2008-3072 — High (CVSS 7.5): Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not…
- CVE-2007-3309 — High (CVSS 7.5): Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code…
- CVE-2007-3308 — High (CVSS 7.5): Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with insufficient randomization when creating a WAV file…