CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Simple PHP Agenda is a PHP, MYSQL based meeting schedule management tool. A request forgery vulnerability exists in Simple PHP Agenda auth/process.php, which allows remote attackers to construct malicious URIs, trick users into parsing them, and perform malicious actions in the context of the...

6.8CVSS7AI score0.02284EPSS

Exploits6References1

Prion•added 2015/05/21 8:59 p.m.•12 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator via a request to auth/process.php, 2 delete an administrator via a request to...

6.8CVSS7.8AI score0.02284EPSS

Exploits6References5Affected Software1

NVD•added 2015/05/21 8:59 p.m.•13 views

CVE-2012-1978

6.8CVSS7.2AI score0.02284EPSS

Exploits6References5

Cvelist•added 2015/05/21 8:0 p.m.•21 views

CVE-2012-1978

7.2AI score0.02284EPSS

Exploits6References5

NVD•added 2014/03/11 7:37 p.m.•22 views

CVE-2013-3961

SQL injection vulnerability in editevent.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter...

6.5CVSS7.9AI score0.02277EPSS

Exploits4References7

Prion•added 2014/03/11 7:37 p.m.•15 views

Sql injection

SQL injection vulnerability in editevent.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter...

6.5CVSS8.6AI score0.02277EPSS

Exploits4References7Affected Software1

CVE•added 2014/03/11 3:0 p.m.•49 views

CVE-2013-3961

CVE-2013-3961 affects Simple PHP Agenda up to version 2.2.8, where an authenticated user can exploit an SQL injection in edit_event.php via the eventid parameter. The root cause is inadequate input sanitization (relying on mysql_real_escape_string) allowing arbitrary SQL execution and potential d...

6.5CVSS8.2AI score0.02277EPSS

Exploits4References7Affected Software1

Cvelist•added 2014/03/11 3:0 p.m.•26 views

CVE-2013-3961

SQL injection vulnerability in editevent.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter...

7.9AI score0.02277EPSS

Exploits4References7

NVD•added 2012/05/21 10:55 p.m.•16 views

CVE-2012-2925

SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action...

7.5CVSS8.4AI score0.01051EPSS

Exploits1References2

Prion•added 2012/05/21 10:55 p.m.•14 views

Sql injection

SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action...

7.5CVSS9.2AI score0.01051EPSS

Exploits1References2Affected Software1

CVE•added 2012/05/21 10:0 p.m.•48 views

CVE-2012-2925

The CVE-2012-2925 entry concerns a SQL injection in engine.php of Simple PHP Agenda 2.2.8, exploitable via the priority parameter in addTodo. The root cause is unsanitized/concatenated input used in SQL queries, enabling remote attackers to execute arbitrary SQL commands. Affected software: Simpl...

7.5CVSS8.8AI score0.01051EPSS

Exploits1References2Affected Software1

Cvelist•added 2012/05/21 10:0 p.m.•19 views

CVE-2012-2925

SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action...

8.4AI score0.01051EPSS

Exploits1References2

Packet Storm•added 2012/03/30 12:0 a.m.•35 views

Simple PHP Agenda 2.2.8 Cross Site Request Forgery

+--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Simple Php Agenda = 2.2.8 CSRF Add Admin/Add New Event Date : 29-03-2012 Author : Ivano Binetti http://ivanobinetti.com Software link :...

6.8CVSS0.2AI score0.02284EPSS

Exploits6

NVD•added 2008/07/07 6:41 p.m.•14 views

CVE-2008-3031

Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the page parameter...

7.5CVSS7.2AI score0.02299EPSS

Exploits1References4

CVE•added 2008/07/07 6:20 p.m.•46 views

CVE-2008-3031

CVE-2008-3031 affects Simple PHP Agenda 2.2.4 and earlier. A directory traversal vulnerability in index.php allows remote attackers to include and execute arbitrary local files by supplying a ".." in the page parameter. This is the underlying cause and the documented impact is arbitrary local fil...

7.5CVSS7.2AI score0.02299EPSS

Exploits1References4Affected Software1

Cvelist•added 2008/07/07 6:20 p.m.•21 views

CVE-2008-3031

Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the page parameter...

7.2AI score0.02299EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by