CVE-2013-0192

MEDIUM

Simple Machines Forum <= 2.0.3 - Authenticated File Disclosure via Admin Interface

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-0192. PoCs published by SimpleAudit Team.

AI-analyzed exploit summary: This is a vulnerability writeup describing multiple issues in Simple Machines Forum, including XSS, CSRF, DoS, and information disclosure. It provides example URIs for exploitation but lacks executable exploit code.

Description

File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.

Exploits (1)

exploitdb WRITEUP VERIFIED
by SimpleAudit Team · text · webapps · php
https://www.exploit-db.com/exploits/10274

Classification: Writeup 90%
Attack Type: XSS | DoS | Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: Simple Machines Forum 1.1.10, 2.0 RC2
Auth required
Prerequisites: Victim interaction for XSS/CSRF · Admin access for some exploits
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/02/01/4
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/01/17/5
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/01/31/1

Scores

CVSS v3 4.9
EPSS 0.0564
EPSS Percentile 90.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
simplemachines/simple_machines_forum < 2.0.3
Published Feb 07, 2020
Tracked Since Feb 18, 2026