Description
Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php, and allow (3) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/userform.php.
Exploits (1)
exploitdb · WORKING POC · VERIFIED
by ThE g0bL!N · text · webapps · php
https://www.exploit-db.com/exploits/8797
References (2)
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/35237
Exploit, Third Party Advisory (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/8797
Scores
EPSS: 0.0023
EPSS Percentile: 46.1%
Details
CWE: CWE-89
Status: published
Products (1): beaussier/roomphplanning 1.6
Published: Mar 05, 2010
Tracked Since: Feb 18, 2026