PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid username.
https://www.exploit-db.com/exploits/8735
https://exchange.xforce.ibmcloud.com/vulnerabilities/50622