Simple Machines Forum (SMF) 1-0-5 and previous versions supports the use of URLs for avatar images, which allows remote malicious users to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simple machines simple machines forum 1.0.5 |