CVE-2002-1757

Name of the Vulnerable Software and Affected Versions PHProjekt versions 2.0 through 3.1

Description The issue allows remote attackers to bypass authentication for scripts by exploiting the reliance on the $PHP SELF variable. This can be achieved by making a request to a .php file with "sms" in the URL, which is included in the PATH INFO portion of the $PHP SELF variable. An example of such an exploit is a request to "mail send.php/sms".

Recommendations For PHProjekt versions 2.0 through 3.1, consider modifying the authentication mechanism to not rely on the $PHP SELF variable, or implement additional validation to prevent bypassing authentication via manipulated URL requests. As a temporary workaround, restrict access to sensitive scripts that rely on the $PHP SELF variable for authentication.