Description
PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".
Exploits (1)
exploitdb · WRITEUP · VERIFIED
by Ulf Harnhammar · text · webapps · php
https://www.exploit-db.com/exploits/21421
References (3)
Core References
Exploit, Patch · vdb-entry · x_refsource_bid
http://www.securityfocus.com/bid/4596
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8943
Third Party Advisory, VDB Entry · mailing-list · x_refsource_bugtraq
http://online.securityfocus.com/archive/1/269407
Scores
EPSS: 0.0340
EPSS Percentile: 87.5%
Details
Status: published
Products (11)
phprojekt/phprojekt 2.0
phprojekt/phprojekt 2.0.1
phprojekt/phprojekt 2.1
phprojekt/phprojekt 2.1a
phprojekt/phprojekt 2.2
phprojekt/phprojekt 2.3
phprojekt/phprojekt 2.4
phprojekt/phprojekt 2.4a
phprojekt/phprojekt 3.0
phprojekt/phprojekt 3.1
... and 1 more
Published: Dec 31, 2002
Tracked Since: Feb 18, 2026