mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.
https://exchange.xforce.ibmcloud.com/vulnerabilities/32562
http://www.securityfocus.com/archive/1/460402/100/0/threaded