AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php.