MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2347)