CVE-2002-1757

Published: Dec 31, 2002Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".

Affected (11)

Products: Phprojekt: Phprojekt

Phprojekt

1 product

Phprojekt

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Phprojekt Phprojekt	Version 2.0.1
Phprojekt Phprojekt	Version 2.0
Phprojekt Phprojekt	Version 2.1
Phprojekt Phprojekt	Version 2.1a
Phprojekt Phprojekt	Version 2.2
Phprojekt Phprojekt	Version 2.3
Phprojekt Phprojekt	Version 2.4
Phprojekt Phprojekt	Version 2.4a
Phprojekt Phprojekt	Version 3.0
Phprojekt Phprojekt	Version 3.1
Phprojekt Phprojekt	Version 3.1a

References (6)

http://online.securityfocus.com/archive/1/269407

Source: cve@mitre.org

http://www.securityfocus.com/bid/4596

Source: cve@mitre.org

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/8943

Source: cve@mitre.org

http://online.securityfocus.com/archive/1/269407

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/4596

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/8943

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.