PT-2010-1481 · Roomphplanning · Roomphplanning

The G0Bl!N

Published

2010-03-05

Updated

2017-09-19

CVE-2009-4671

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions RoomPHPlanning version 1.6

Description The issue allows remote attackers to bypass authentication and obtain administrative access. This is achieved by setting the room phplanning cookie to a value associated with the admin account.

Recommendations For RoomPHPlanning version 1.6, consider temporarily restricting access to the Login.php file until a patch is available. As a workaround, avoid using the room phplanning cookie or restrict its use to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2009-4671

Affected Products

Roomphplanning

PT-2010-1481 · Roomphplanning · Roomphplanning

CVE-2009-4671

Weakness Enumeration

Related Identifiers

Affected Products

References · 4