A vulnerability was found in PhpPass 2. It has been rated as critical. This issue affects an unknown part of the file accesscontrol.php. The manipulation of the argument uid/pwd with an unknown input leads to a sql injection vulnerability. Using CWE to declare the problem leads to CWE-89. The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.

The weakness was disclosed 12/31/2003 by Frog Man (Website). The advisory is shared at securitytracker.com. The identification of this vulnerability is CVE-2003-1533 since 11/08/2007. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details as well as a public exploit are known. MITRE ATT&CK project uses the attack technique T1505 for this issue.

The exploit is available at exploit-db.com. It is declared as proof-of-concept. By approaching the search of inurl:accesscontrol.php it is possible to find vulnerable targets with Google Hacking.

Applying a patch is able to eliminate this problem.

The vulnerability is also documented in the databases at Exploit-DB (22148), SecurityFocus (BID 6594†) and SecurityTracker (ID 1005948†).

Productinfo

Name

• PhpPass

Version

• 2

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion