CVE-2002-1428

dotproject 0.2.1.5 - Unauthenticated Authentication Bypass via user_cookie Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1428. PoCs published by pokleyzz.

AI-analyzed exploit summary The exploit demonstrates an authentication bypass in dotproject by manipulating the 'user_cookie' parameter to gain administrative access without valid credentials. The issue arises from the software's reliance on the 'cookie_value' for authentication, allowing arbitrary user impersonation.

Description

index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.

Exploits (1)

exploitdb WORKING POC VERIFIED

by pokleyzz · textwebappsphp

https://www.exploit-db.com/exploits/21661

View Code ZIP pw:eip

The exploit demonstrates an authentication bypass in dotproject by manipulating the 'user_cookie' parameter to gain administrative access without valid credentials. The issue arises from the software's reliance on the 'cookie_value' for authentication, allowing arbitrary user impersonation.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: dotproject (version not specified)

No auth needed

Prerequisites: access to the target application URL

MITRE ATT&CK

T1189 - Drive-by Compromise T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-07/0366.html

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9720.php

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5347

Scores

EPSS 0.0551

EPSS Percentile 91.8%

Details

Status published

Products (1)

dotproject/dotproject 0.2.1.5

Published Apr 11, 2003

Tracked Since Feb 18, 2026