2007-07-10 01:00:00
mitre
PUBLISHED
admin/index.php in AV Arcade 2.1b grants administrative privileges when the ava_userid cookie value is 1, which allows remote attackers to perform certain administrative actions.