PT-2010-1480 · Unknown · Roomphplanning
The G0Bl!N · Published 2010-03-05 · Updated 2017-09-19 · CVE-2009-4670
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
RoomPHPlanning version 1.6
Description
The admin/delitem.php file does not require authentication. A remote attacker can therefore delete arbitrary users via the user parameter or arbitrary rooms via the room parameter.
Recommendations
For RoomPHPlanning version 1.6, add a proper authentication check to admin/delitem.php so that only authorised administrators can reach it. As a temporary workaround, restrict access to admin/delitem.php until a proper fix is applied, and avoid using the user and room parameters of the affected file until the issue is resolved.
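As an added illustration of the recommended fix (not RoomPHPlanning's own code), the following is a hardened shape for an admin deletion endpoint like admin/delitem.php: an authentication gate before any deletion logic, POST-only handling with a CSRF token, validated integer ids and an audit log line. The session keys, table names, database DSN and helper name are assumptions.

```php
<?php
// Added example, not RoomPHPlanning's code: a hardened shape for an admin
// deletion endpoint such as admin/delitem.php. The session keys, table
// names and the SQLite DSN below are assumptions, not the project's own.
session_start();

// Returns $src[$key] as a positive integer id, or null if absent/invalid.
function positive_int(array $src, string $key): ?int
{
    if (!isset($src[$key])) {
        return null;
    }
    $v = filter_var($src[$key], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// 1. The check the advisory reports as missing: only an authenticated
//    administrator may reach the deletion logic at all.
if (empty($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== 'admin') {
    http_response_code(403);
    exit('Forbidden');
}

// 2. Deletion is state-changing: require POST plus a per-session CSRF token,
//    so an authenticated admin cannot be tricked via a crafted link.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_POST['csrf'], $_SESSION['csrf'])
    || !hash_equals($_SESSION['csrf'], (string) $_POST['csrf'])) {
    http_response_code(400);
    exit('Bad request');
}

// 3. Accept exactly one target (user or room), validated as an integer id.
$userId = positive_int($_POST, 'user');
$roomId = positive_int($_POST, 'room');
if (($userId === null) === ($roomId === null)) {
    http_response_code(400);
    exit('Specify exactly one of user or room');
}

// 4. Prepared statement; the table name comes from a fixed whitelist above.
$pdo = new PDO('sqlite:' . __DIR__ . '/../roomplanning.db'); // assumed DSN
[$table, $id] = $userId !== null ? ['users', $userId] : ['rooms', $roomId];
$stmt = $pdo->prepare("DELETE FROM {$table} WHERE id = :id");
$stmt->execute([':id' => $id]);

// 5. Audit trail: who deleted what, for detection and incident review.
error_log(sprintf('admin %d deleted %s %d', $_SESSION['user_id'], $table, $id));
```

The workaround in the recommendation (restricting access to the file at the web server) complements this but does not replace the in-application check, since the file is still reachable by any path the server does not block.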
Weakness Enumeration
Improper Authentication
Affected Products
Roomphplanning