isadmin.php in PhpWebGallery 1.0 allows remote malicious users to gain administrative access via by setting the photo_login cookie to pseudo.
phpwebgallery phpwebgallery 1.0