Description
SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by loneferret · textwebappsphp
https://www.exploit-db.com/exploits/18845
References (2)
Core 2
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18845
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75501
Scores
EPSS
0.0097
EPSS Percentile
76.7%
Details
CWE
CWE-89
Status
published
Products (1)
simple_php_agenda/simple_php_agenda
2.2.8
Published
May 21, 2012
Tracked Since
Feb 18, 2026