Lucene search

[email protected]CVE-2009-4670

HistoryMar 05, 2010 - 6:30 p.m.

CVE-2009-4670

2010-03-0518:30:00

CWE-287

[email protected]

web.nvd.nist.gov

security

vulnerability

unauthenticated

roomphplanning 1.6

cve-2009-4670

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.4%

JSON

admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter.

Affected configurations

NVD

Node

beaussierroomphplanningMatch1.6

CPENameOperatorVersion
beaussier:roomphplanningbeaussier roomphplanningeq1.6

CPE	Name	Operator	Version
beaussier:roomphplanning	beaussier roomphplanning	eq	1.6

References

secunia.com/advisories/35237

www.exploit-db.com/exploits/8797

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.4%

JSON

Related for CVE-2009-4670

nvd1 cvelist1 prion1