CVE-2013-3961

EUVD-2013-3893
SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
abeelsimple_php_agenda
𝑥
≤ 2.2.8
abeelsimple_php_agenda
0.1
abeelsimple_php_agenda
0.1.1
abeelsimple_php_agenda
0.1.2
abeelsimple_php_agenda
0.2.0
abeelsimple_php_agenda
0.2.1
abeelsimple_php_agenda
0.2.2
abeelsimple_php_agenda
0.2.3
abeelsimple_php_agenda
0.2.4
abeelsimple_php_agenda
0.2.5
abeelsimple_php_agenda
0.2.6
abeelsimple_php_agenda
0.2.7
abeelsimple_php_agenda
0.3.0
abeelsimple_php_agenda
0.3.1
abeelsimple_php_agenda
0.3.2
abeelsimple_php_agenda
0.3.3
abeelsimple_php_agenda
1.0.0
abeelsimple_php_agenda
1.0.1
abeelsimple_php_agenda
2.0.0
abeelsimple_php_agenda
2.1.0
abeelsimple_php_agenda
2.2.0
abeelsimple_php_agenda
2.2.1
abeelsimple_php_agenda
2.2.2
abeelsimple_php_agenda
2.2.3
abeelsimple_php_agenda
2.2.4
abeelsimple_php_agenda
2.2.5
abeelsimple_php_agenda
2.2.6
abeelsimple_php_agenda
2.2.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/94141
http://packetstormsecurity.com/files/121978/Simple-PHP-Agenda-2.2.8-SQL-Injection.html
http://seclists.org/fulldisclosure/2013/Jun/67
http://www.exploit-db.com/exploits/26136
http://www.securityfocus.com/bid/60481
http://www.webera.fr/advisory-02-php-agenda-isql-exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/84938
http://osvdb.org/94141
http://packetstormsecurity.com/files/121978/Simple-PHP-Agenda-2.2.8-SQL-Injection.html
http://seclists.org/fulldisclosure/2013/Jun/67
http://www.exploit-db.com/exploits/26136
http://www.securityfocus.com/bid/60481
http://www.webera.fr/advisory-02-php-agenda-isql-exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/84938