MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php.Referenceshttp://www.securityfocus.com/archive/1/465873/100/0/threadedhttp://osvdb.org/41593http://www.securityfocus.com/bid/23521http://securityreason.com/securityalert/2581https://exchange.xforce.ibmcloud.com/vulnerabilities/34025
