Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-3961

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2013-3961
Last Modified 16 Mar 2014 12:38:46
Published 11 Mar 2014 03:37:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-3961

Summary

SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter.

Vulnerable Systems

Application

  • Abeel Simple Php Agenda 0.1

  • Abeel Simple Php Agenda 0.1.1

  • Abeel Simple Php Agenda 0.1.2

  • Abeel Simple Php Agenda 0.2.0

  • Abeel Simple Php Agenda 0.2.1

  • Abeel Simple Php Agenda 0.2.2

  • Abeel Simple Php Agenda 0.2.3

  • Abeel Simple Php Agenda 0.2.4

  • Abeel Simple Php Agenda 0.2.5

  • Abeel Simple Php Agenda 0.2.6

  • Abeel Simple Php Agenda 0.2.7

  • Abeel Simple Php Agenda 0.3.0

  • Abeel Simple Php Agenda 0.3.1

  • Abeel Simple Php Agenda 0.3.2

  • Abeel Simple Php Agenda 0.3.3

  • Abeel Simple Php Agenda 1.0.0

  • Abeel Simple Php Agenda 1.0.1

  • Abeel Simple Php Agenda 2.0.0

  • Abeel Simple Php Agenda 2.1.0

  • Abeel Simple Php Agenda 2.2.0

  • Abeel Simple Php Agenda 2.2.1

  • Abeel Simple Php Agenda 2.2.2

  • Abeel Simple Php Agenda 2.2.3

  • Abeel Simple Php Agenda 2.2.4

  • Abeel Simple Php Agenda 2.2.5

  • Abeel Simple Php Agenda 2.2.6

  • Abeel Simple Php Agenda 2.2.7

  • Abeel Simple Php Agenda 2.2.8


References

XF - simplephp-cve20133961-eventid-sql-injection(84938)

MISC - http://www.webera.fr/advisory-02-php-agenda-isql-exploit

BID - 60481

EXPLOIT-DB - 26136

FULLDISC - 20130611 [CVE-2013-3961] iSQL in php-agenda <= 2.2.8

MISC - http://packetstormsecurity.com/files/121978/Simple-PHP-Agenda-2.2.8-SQL-Injection.html

OSVDB - 94141


Last Updated: 27 May 2016 11:04:37