CVE-2009-4671

RoomPHPlanning 1.6 - Auth Bypass

Title source: llm

Description

Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ThE g0bL!N · textwebappsphp

https://www.exploit-db.com/exploits/8797

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://secunia.com/advisories/35237

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/8797

Scores

EPSS 0.0088

EPSS Percentile 75.1%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

beaussier/roomphplanning

Timeline

Published Mar 05, 2010

Tracked Since Feb 18, 2026