login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter.
https://www.exploit-db.com/exploits/7418
https://exchange.xforce.ibmcloud.com/vulnerabilities/47264
http://www.securityfocus.com/bid/32779
http://www.phpaddedit.com/page/new/