CVE-2009-4670

RoomPHPlanning 1.6 - RCE

Title source: llm

Description

admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ThE g0bL!N · textwebappsphp

https://www.exploit-db.com/exploits/8797

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://secunia.com/advisories/35237

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/8797

Scores

EPSS 0.0239

EPSS Percentile 84.8%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

beaussier/roomphplanning

Timeline

Published Mar 05, 2010

Tracked Since Feb 18, 2026