NewsPro 1.01 allows remote attackers to gain unauthorized administrator access by setting their authentication cookie to "logged,true".