admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2293)