CVE-2009-5068
CVE
High · Confirmed · Exploit available

CVSS: 7.2 (High)
EPSS: 0.02 · p74
Published: 2009-01-01
Updated: 2009-01-01
Description

There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations an SMF deployment is shared by several "co-admins" who are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.

Tags · CWE
CWE-312
CAPEC-37
Affected products
Simple_machines_forum ≤ 2.0.3
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Timeline
2009-01-01: Published
2009-01-01: Updated
CVSS 3.1 breakdown
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): High (H)
Integrity Impact (I): High (H)
Availability Impact (A): High (H)
Exploit indicators
EPSS: 0.017 · p74
Known exploited (KEV): No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-37 · CWE-312
Known exploits — Сканер-ВС
10274
exploitdb · https://www.exploit-db.com/exploits/10274
Enterprise
Affected products
Product · Vendor · Status
simple_machines_forum · * · Tracked
Source databases
CVE