CVE-2002-1757
Last modified
CVE-2002-1757 is a vulnerability of currently unknown severity. PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".. EPSS estimates a 3.14% chance of exploitation in the next 30 days.
Description
PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Phprojekt | Phprojekt | 2.0 |
| Phprojekt | Phprojekt | 2.0.1 |
| Phprojekt | Phprojekt | 2.1 |
| Phprojekt | Phprojekt | 2.1a |
| Phprojekt | Phprojekt | 2.2 |
| Phprojekt | Phprojekt | 2.3 |
| Phprojekt | Phprojekt | 2.4 |
| Phprojekt | Phprojekt | 2.4a |
| Phprojekt | Phprojekt | 3.0 |
| Phprojekt | Phprojekt | 3.1 |
| Phprojekt | Phprojekt | 3.1a |
References
- http://www.securityfocus.com/bid/4596Exploit, Patch
- http://www.securityfocus.com/bid/4596Exploit, Patch
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2002-1757?
How severe is CVE-2002-1757?
How do I fix CVE-2002-1757?
Are you affected by CVE-2002-1757?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST