CVE-2002-1757 Information

Description

PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication which allows remote attackers to bypass authentication for scripts via a request to a .php file with \sms\ in the URL which is included in the PATH_INFO portion of the $PHP_SELF variable as demonstrated using \mail_send.php/sms.

Reference

http://online.securityfocus.com/archive/1/269407 http://www.securityfocus.com/bid/4596 https://exchange.xforce.ibmcloud.com/vulnerabilities/8943