PT-2010-1481 · Roomphplanning · Roomphplanning

The G0Bl!N

Publicado

2010-03-05

Atualizado

2017-09-19

CVE-2009-4671

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions RoomPHPlanning version 1.6

Description The issue allows remote attackers to bypass authentication and obtain administrative access. This is achieved by setting the room phplanning cookie to a value associated with the admin account.

Recommendations For RoomPHPlanning version 1.6, consider temporarily restricting access to the Login.php file until a patch is available. As a workaround, avoid using the room phplanning cookie or restrict its use to minimize the risk of exploitation.

Exploit

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2009-4671

Produtos afetados

Roomphplanning

PT-2010-1481 · Roomphplanning · Roomphplanning

CVE-2009-4671

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4