admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote malicious users to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
beaussier roomphplanning 1.6 |