Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an malicious user to forge session cookies, which may lead to remote privilege escalation.
pancakeapp pancake