AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto."
https://www.exploit-db.com/exploits/8599
http://www.vupen.com/english/advisories/2009/1245
http://www.securityfocus.com/bid/34808