Simple Php Agenda <= 2.2.8 Multiple CSRF Vulnerabilities

Simple Php Agenda 2.2.8  (and lower) is affected by a CSRF Vulnerability which allows an attacker to add a new administrator, delete an existing administrator, create/delete a new event and change any other parameters. In this document I will only  demonstrate how to:
– add a new administrator
– delete a existing administrator
– add a new event
– delete an existing event.
Other parameters can be also modified.

To view my Original Advisory:
Simple PHP Agenda 2.2.8 Multiple CSRF Advisory

MITRE CVE Numbering Authority for this vulnerability assigned me CVE-2012-1978

Other related publications:

Leave a Reply

Your email address will not be published. Required fields are marked *