CVE-2013-5748

simplerisk < 20130916-001 - Cross-Site Request Forgery via add_project Action

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-5748. PoCs published by Ryan Dewhurst.

AI-analyzed exploit summary This PoC demonstrates a CSRF and stored XSS vulnerability in SimpleRisk v.20130915-01, allowing an attacker to compromise user accounts by stealing session cookies via a malicious script.

Description

Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action.

Exploits (1)

exploitdb WORKING POC
by Ryan Dewhurst · textwebappsphp
https://www.exploit-db.com/exploits/28656

This PoC demonstrates a CSRF and stored XSS vulnerability in SimpleRisk v.20130915-01, allowing an attacker to compromise user accounts by stealing session cookies via a malicious script.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: SimpleRisk v.20130915-01
No auth needed
Prerequisites: Victim must visit a malicious page or click a malicious link
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

EPSS 0.0199
EPSS Percentile 78.0%

Details

CWE
CWE-352
Status published
Products (1)
simplerisk/simplerisk < 20130915-001
Published May 12, 2014
Tracked Since Feb 18, 2026