An issue exists in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.
laobancms laobancms 2.0