admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27011
http://www.vupen.com/english/advisories/2006/2210
http://www.securityfocus.com/archive/1/436259/30/4620/threaded