Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simple php agenda project simple php agenda |