admin.php in pL-PHP beta 0.9 allows remote malicious users to bypass authentication by setting the is_admin parameter to 1.
pl-php pl-php 0.9_beta