CVE-2009-4671 Information

Description

Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account.

Reference

http://secunia.com/advisories/35237 http://www.exploit-db.com/exploits/8797