3 matches found
CVE-2012-2925
The CVE-2012-2925 entry concerns a SQL injection in engine.php of Simple PHP Agenda 2.2.8, exploitable via the priority parameter in addTodo. The root cause is unsanitized/concatenated input used in SQL queries, enabling remote attackers to execute arbitrary SQL commands. Affected software: Simpl...
PHP Agenda 2.2.8 - SQL Injection
Title:Simple PHP Agenda 2.2.8 SQLi Vulnerability Version: php-agenda 2.2.8 Author/Found by: loneferret Manifacturer/Software link: http://sourceforge.net/projects/php-agenda/files/latest/download Other vulnerability: http://www.exploit-db.com/exploits/18694/ Date found: May 7th 2012 Tested on:...
Simple PHP Agenda 2.2.8 Cross Site Request Forgery
+--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Simple Php Agenda = 2.2.8 CSRF Add Admin/Add New Event Date : 29-03-2012 Author : Ivano Binetti http://ivanobinetti.com Software link :...