dotproject is prone to an issue which may allow remote attackers to bypass authentication and gain administrative access to the software.
This may be accomplished by submitting a maliciously crafted 'user_cookie' value either manually or via manipulation of URI parameters.
This problem is due to the software relying on the user 'cookie_value' to authenticate the user.
curl -b user_cookie=1 http://server/project/index.php?m=projects
dotProject contains a flaw that allows a remote user to obtain administrative priveleges remotely. The issue is due to index.php accepting a "user_cookie" variable which it trusts to authenticate the user. By changing this value to "1", the program will log you in as the administrator.
Upgrade to version 1.0.0 or higher, as it has been reported to fix this
vulnerability. An upgrade is required as there are no known workarounds.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.