CVE-2002-1757

UNKNOWN

PHProjekt 2

Published Jun 21, 2005

Modified 1 years ago

No fix available

Details

PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".

References

WEBhttp://online.securityfocus.com/archive/1/269407 WEBhttp://www.securityfocus.com/bid/4596 WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/8943 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2002-1757

CVSS Analysis

CVSS v2.0

7.5

Exploitability

Access Vector

NetworkAV:N

Access Complexity

LowAC:L

Authentication

NoneAu:N

Impact

Confidentiality

PartialC:P

Integrity

PartialI:P

Availability

PartialA:P

7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P

Ecosystems

Timeline

PublishedJun 21, 2005

ModifiedAug 8, 2024