Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Simple PHP Agenda 跨站请求伪造漏洞
Vulnerability Description
Simple PHP Agenda是一套基于PHP、MYSQL的会议日程管理工具。该工具支持添加预约、创建待办事项列表等。 Simple PHP Agenda 2.2.8及之前版本中存在跨站请求伪造漏洞。远程攻击者可通过向auth/process.php脚本发送请求利用该漏洞添加管理员账户;向uth/admin/adminprocess.php脚本发送请求利用该漏洞删除管理员账户;向engine/new_event.php脚本发送请求利用该漏洞添加事件;向phpagenda/ URI发送请求利用该漏洞删除
CVSS Information
N/A
Vulnerability Type
N/A