NewsDaemon remote administrator access

SUMMARY ------- In all versions of NewsDaemon prior to 0.21b released 25 Jan 2001, it is possible to spoof a global variable in an HTTP request and obtain administrator access remotely. NewsDaemon is the PHP-based Web Log software that runs http://daily.daemonnews.org/ a popular news and discussi...