CVE-2004-0249
PHPX 2.0-3.2.4 - Unauthenticated Account Access via Cookie Manipulation
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-0249. PoCs published by Manuel L?pez.
AI-analyzed exploit summary This PoC exploits an account hijacking vulnerability in PHPX 3.2.4 by sending a crafted cookie (PXL=2) to bypass authentication. It demonstrates how an attacker can gain unauthorized access by manipulating session cookies.
Description
PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Manuel L?pez · phpwebappsphp
https://www.exploit-db.com/exploits/23644
This PoC exploits an account hijacking vulnerability in PHPX 3.2.4 by sending a crafted cookie (PXL=2) to bypass authentication. It demonstrates how an attacker can gain unauthorized access by manipulating session cookies.
Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
PHPX 3.2.4
No auth needed
Prerequisites:
Network access to the target PHPX instance · PHPX 3.2.4 or earlier installed
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15052
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15512
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9569
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/10797/
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2004-03/0154.html
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107586932324901&w=2
Scores
EPSS
0.0493
EPSS Percentile
91.0%
Details
Status
published
Products (1)
phpx/phpx
3.2.3
Published
Nov 23, 2004
Tracked Since
Feb 18, 2026