Published: 21/05/2015 Updated: 27/07/2015

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
simple php agenda project simple php agenda

+--------------------------------------------------------------------------------------------- ...

Simple PHP Agenda versions 228 and below suffer from multiple cross site request forgery vulnerabilities ...

CWE-352 http://packetstormsecurity.com/files/111408/Simple-PHP-Agenda-2.2.8-Cross-Site-Request-Forgery.html http://www.webapp-security.com/wp-content/uploads/2012/03/Simple-PHP-Agenda-2.2.8-Multiple-CSRF-Add-Admin-Add-Event4.txt http://www.webapp-security.com/2012/03/simple-php-agenda/http://osvdb.org/80793 http://www.securityfocus.com/bid/74778 https://nvd.nist.gov https://www.exploit-db.com/exploits/18694/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-1978

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect