Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHPProjekt登录可绕过漏洞
Vulnerability Description
PHPProjekt是一款免费开放源代码PHP组件程序,由PHPProjekt Development Team开发和维护,可使用在Unix和Linux操作系统下,也可使用在Microsoft Windows操作系统下。 PHPProjekt部分脚本在处理认证上存在漏洞,可导致未认证用户绕过登录检查访问系统。 PHPProjekt部分脚本需要用户登录后访问,而部分脚本不需要,系统通过检查当前URL中的$PHP_SELF变量是否包含"sms"来区分。不幸的是,$PHP_SELF包含在请求的PATH_INFO
CVSS Information
N/A
Vulnerability Type
N/A