CVE-2007-2822

TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.

Date published : 2007-05-22

http://www.wavelinkmedia.com/scripts/tutorialcms/

https://www.exploit-db.com/exploits/3963