6.8 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
77.4%
admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter.
secunia.com/advisories/35237
www.exploit-db.com/exploits/8797