Public CVE-2005-2202 disclosure

login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php.