check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication.
https://exchange.xforce.ibmcloud.com/vulnerabilities/24510
http://www.securityfocus.com/bid/16586
http://www.securityfocus.com/archive/1/424827/100/0/threaded