Ar-blog 5.2 and previous versions allows remote malicious users to bypass authentication by modifying cookies.
ar-blog ar-blog