Archangel Weblog is prone to an authentication-bypass vulnerability. This issue is due to a failure in the application to properly validate user-supplied data.
An attacker can exploit this issue to bypass the authentication mechanism and gain access to the affected application as an administrative user. This may facilitate a compromise of the underlying system; other attacks are also possible.
The following example HTTP request is sufficient to exploit this issue:
GET http://www.example.com/awb/admin/index.php HTTP/1.1
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051229 Firefox/1.0.7