PHProjekt Login Bypass Vulnerability
This issue may be exploited with a web browser. The following example was submitted: http://www.somehost.com/phprojekt/mail/mail_send.php/sms where the extraneous "sms" is passed to the $PHP_SELF variable as part of the PATH_INFO. This causes PHProjekt to behave as though the attacker accessing the script is logged on to PHProjekt as a legitimate user.
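For detection, the trailing-path pattern described above can be searched for in web server access logs. The following is an added example, not part of the original advisory or of PHProjekt; it assumes Common Log Format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# A .php script followed by further path segments, i.e. a non-empty PATH_INFO.
SCRIPT_WITH_PATH_INFO = re.compile(r"^(?P<script>/.*?\.php)(?P<path_info>/.*)$", re.IGNORECASE)
# Request field of a Common Log Format line (assumed log format).
REQUEST_FIELD = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def split_path_info(target):
    """Return (script, path_info) when the request path continues past a .php script."""
    # Only the path matters: a ".php/" inside the query string never reaches PATH_INFO.
    # Percent-escapes are decoded so an encoded script name is still recognised.
    path = unquote(urlsplit(target).path)
    match = SCRIPT_WITH_PATH_INFO.match(path)
    if match is None:
        return None
    return match.group("script"), match.group("path_info")

def find_path_info_requests(log_lines):
    """Return (client, script, path_info) for every logged request carrying PATH_INFO."""
    hits = []
    for line in log_lines:
        request = REQUEST_FIELD.search(line)
        if request is None:
            continue  # malformed or non-HTTP entry
        parts = split_path_info(request.group("target"))
        if parts is not None:
            client = line.split()[0]
            hits.append((client, parts[0], parts[1]))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up timestamps and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /phprojekt/mail/mail_send.php HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2002:10:00:05 +0000] "GET /phprojekt/mail/mail_send.php/sms HTTP/1.0" 200 4096',
    '192.0.2.10 - - [01/Jan/2002:10:00:09 +0000] "GET /phprojekt/index.php?next=/a.php/b HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for client, script, path_info in find_path_info_requests(SAMPLE_LOG):
        print(f"{client} requested {script} with PATH_INFO {path_info!r}")
```

Hits are leads for review rather than proof of abuse, since some applications use PATH_INFO legitimately.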