Family: CGI abuses --> Category: infos
Simple Machines Forum Avatar Information Disclosure Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for avatar code execution vulnerability in Simple Machines Forum
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that allows for the
disclosure of information.
The remote host is running Simple Machines Forum (SMF), an open-source
web forum application written in PHP.
The installed version of SMF on the remote host does not properly
sanitize the URI supplied for the user avatar. A possible hacker who is
registered in the affected application can exploit this flaw to run
scripts each time a forum user accesses the malicious avatar
collecting forum usage information, launching attacks against users'
See also :
Unknown at this time.
Low / CVSS Base Score : 1
Click HERE for more information and discussions on this network vulnerability scan.