Simple PHP Agenda 2.2.8 (and lower) is affected by a CSRF vulnerability that allows an attacker to add a new administrator, delete an existing administrator, create or delete an event, and change any other parameters. In this document I will only demonstrate how to:
– add a new administrator
– delete an existing administrator
– add a new event
– delete an existing event.
Other parameters can also be modified.
To view my Original Advisory:
Simple PHP Agenda 2.2.8 Multiple CSRF Advisory
The MITRE CVE Numbering Authority assigned me CVE-2012-1978 for this vulnerability.
Other related publications: