CVE-2012-2925

SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action...

CVE-2012-2925

The CVE-2012-2925 entry concerns a SQL injection in engine.php of Simple PHP Agenda 2.2.8, exploitable via the priority parameter in addTodo. The root cause is unsanitized/concatenated input used in SQL queries, enabling remote attackers to execute arbitrary SQL commands. Affected software: Simpl...