CVE-2002-1757

PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".

Published: Dec 31, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1757
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phprojekt / phprojekt	2.3	2.3.x
phprojekt / phprojekt	2.4a	2.4a.x
phprojekt / phprojekt	3.1a	3.1a.x
phprojekt / phprojekt	2.2	2.2.x
phprojekt / phprojekt	2.4	2.4.x
phprojekt / phprojekt	2.1a	2.1a.x
phprojekt / phprojekt	3.1	3.1.x
phprojekt / phprojekt	3.0	3.0.x
phprojekt / phprojekt	2.1	2.1.x
phprojekt / phprojekt	2.0.1	2.0.1.x
phprojekt / phprojekt	2.0	2.0.x

http://online.securityfocus.com/archive/1/269407
http://www.securityfocus.com/bid/4596
https://exchange.xforce.ibmcloud.com/vulnerabilities/8943

Vulnerability Database

290,278

CVE-2002-1757