exploitDog

CVE-2009-4670

Опубликовано: 05 мар. 2010

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter.

Ссылки

http://secunia.com/advisories/35237
Vendor Advisory
http://www.exploit-db.com/exploits/8797
http://secunia.com/advisories/35237
Vendor Advisory
http://www.exploit-db.com/exploits/8797

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:beaussier:roomphplanning:1.6:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.0239

Низкий

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-8wh3-f9vj-fgm2

github

почти 4 года назад

admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter.

EPSS

Процентиль: 85%

0.0239

Низкий

7.5 High

CVSS2

Дефекты

CWE-287