newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.