inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie.Referenceshttp://www.osvdb.org/15787http://securitytracker.com/id?1013795http://secunia.com/advisories/15105http://marc.info/?l=bugtraq&m=111428190921388&w=2
