PT-2010-1480 · Unknown · Roomphplanning
The G0Bl!N
·
Published
2010-03-05
·
Updated
2017-09-19
·
CVE-2009-4670
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
RoomPHPlanning version 1.6
Description
The admin/delitem.php file does not require authentication. This allows remote attackers to delete arbitrary users via the user parameter or to delete arbitrary rooms via the room parameter.
Recommendations
For RoomPHPlanning version 1.6, implement a proper authentication check in the admin/delitem.php file so that only authorized administrators can reach it. As a temporary workaround, restrict access to the admin/delitem.php file (for example at the web server level) until a proper fix is applied, and do not rely on the user and room parameters of the affected file until the issue is resolved.
Exploit
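As an added illustration of the recommendation above, and not RoomPHPlanning's own code, the following PHP shows how a delete handler like admin/delitem.php can be guarded: an administrator session is required, the action is accepted only via POST with a CSRF token, and the user/room identifier is validated before a parameterised DELETE. The session key, table names and database DSN are assumptions.

```php
<?php
// Added example, not RoomPHPlanning's code: a hypothetical guarded admin/delitem.php.
// Session key, table names and the PDO DSN below are assumptions.

session_start();

// 1. Authentication: the request must belong to a logged-in administrator.
if (empty($_SESSION['admin_id'])) {
    http_response_code(403);
    exit('Administrator login required.');
}

// 2. State-changing action only via POST with a per-session CSRF token, so a
//    logged-in administrator cannot be tricked into deleting items by a crafted link.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_POST['csrf'], $_SESSION['csrf'])
    || !hash_equals($_SESSION['csrf'], $_POST['csrf'])) {
    http_response_code(400);
    exit('Invalid request.');
}

// 3. Validate the target: exactly one of user / room, and it must be a positive integer.
$targets = array_intersect_key($_POST, ['user' => 1, 'room' => 1]);
if (count($targets) !== 1) {
    http_response_code(400);
    exit('Specify exactly one of user or room.');
}
$column = key($targets);   // 'user' or 'room', whitelisted by array_intersect_key above
$id = filter_var(reset($targets), FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false) {
    http_response_code(400);
    exit('Invalid identifier.');
}

// 4. Parameterised delete; the table name comes from a fixed map, never from the request.
$tables = ['user' => 'users', 'room' => 'rooms'];               // assumed table names
$pdo = new PDO('mysql:host=localhost;dbname=roomplanning', 'dbuser', 'dbpass'); // assumed DSN
$stmt = $pdo->prepare("DELETE FROM {$tables[$column]} WHERE id = :id");
$stmt->execute([':id' => $id]);

// 5. Audit trail: record who deleted what, so unexpected deletions can be investigated.
error_log(sprintf('admin %d deleted %s %d', $_SESSION['admin_id'], $column, $id));
header('Location: index.php');
```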
Fix
Improper Authentication
Weakness Enumeration
Related identifiers
Affected products
Roomphplanning