Another possibility is some quirk in the file permissions, .htaccess or some other configuration file, which could lead to vulnerabilities like HTTP verb tampering.

It may have been more subtle, but of a similar nature.