3 matches found
CVE-2009-4669
Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via 1 the loginus parameter to Login.php or 2 the Old Password field to changepwd.php, and allow 3 remote authenticated administrators to execute arbitrary SQL commands via the id...
CVE-2009-4669
CVE-2009-4669 affects RoomPHPlanning 1.6 with multiple SQL injection vulnerabilities. The issues allow remote attackers to coerce arbitrary SQL commands via (1) the loginus parameter to Login.php, and (2) the Old Password field to changepwd.php, and similarly enable remote authenticated administr...
CVE-2009-4670
CVE-2009-4670 affects RoomPHPlanning 1.6. The vuln lies in admin/delitem.php which does not require authentication, enabling remote attackers to delete arbitrary users (via the user parameter) or arbitrary rooms (via the room parameter). Descriptions in the provided documents confirm unauthentica...