OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.Referenceshttp://www.securityfocus.com/bid/29999https://www.exploit-db.com/exploits/5959
