admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0350)