Description
Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account.
Affected products
- beaussier / roomphplanning1.6 – 1.6
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/35237
- EXPLOIThttp://www.exploit-db.com/exploits/8797