← back
CVE-2002-1757

CVE-2002-1757

EPSS 3.1%
PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/21421unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://online.securityfocus.com/archive/1/269407https://exchange.xforce.ibmcloud.com/vulnerabilities/8943http://www.securityfocus.com/bid/4596