CVE-2002-1757

Published Dec 31, 2002

Last updated 7 years ago

Overview

Description: PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phprojekt:phprojekt:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D245D09E-BF00-4E14-9A12-83BCAE55BD0C"
          },
          {
            "criteria": "cpe:2.3:a:phprojekt:phprojekt:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "505FD923-F1FB-486A-B85A-DAC31982E21C"
          },
          {
            "criteria": "cpe:2.3:a:phprojekt:phprojekt:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "414705DF-A3AD-4CF1-8391-32F09EF8BAB5"
          },
          {
            "criteria": "cpe:2.3:a:phprojekt:phprojekt:2.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16C2B2E2-AA2B-40B0-A7FB-D1A191D39939"
          },
          {
            "criteria": "cpe:2.3:a:phprojekt:phprojekt:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5ED3BCB7-D94E-4985-8951-01AD3C15C28A"
          },
          {
            "criteria": "cpe:2.3:a:phprojekt:phprojekt:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F69C99BE-581F-4EE3-A798-E7FF0433CF16"
          },
          {
            "criteria": "cpe:2.3:a:phprojekt:phprojekt:2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "960BD03B-D527-4EC4-B642-130F2AA49AC8"
          },
          {
            "criteria": "cpe:2.3:a:phprojekt:phprojekt:2.4a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0B762E4-5E4D-4B9D-A756-6CDE49366317"
          },
          {
            "criteria": "cpe:2.3:a:phprojekt:phprojekt:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C20E262-6E6B-48A2-B831-48A5A8C72F25"
          },
          {
            "criteria": "cpe:2.3:a:phprojekt:phprojekt:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89E0C51C-F9DE-4140-97D9-4777811DFA1F"
          },
          {
            "criteria": "cpe:2.3:a:phprojekt:phprojekt:3.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4758B7C9-D6F3-47BC-A5AC-5DAC508DE18B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References