VYPR

RoomPHPlanning

by RoomPHPlanning

CVEs (4)

  • CVE-2009-4670Mar 5, 2010
    risk 0.03cvss epss 0.02

    admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter.

  • CVE-2008-6634Apr 7, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idroom parameter to weekview.php.

  • CVE-2008-6633Apr 7, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idresa parameter to resaopen.php.

  • CVE-2008-2488May 28, 2008
    risk 0.03cvss epss 0.02

    admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts.