newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ".