Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin.