The remote host is running TrueGalerie, an album management system written in PHP.
There is a flaw in the version of TrueGalerie which may allow an attacker to log in as the administrator without having to know the password, simply by requesting the URL :
/admin.php?loggedin=1 Provided PHP's 'register_globals' setting is enabled, an attacker may use this flaw to gain administrative privileges on this web server and modify its content.
Disable the option 'register_globals' in php.ini or replace
this set of CGI by something else.
Partial Confidentiality Impact, Partial Integrity Impact, Partial Availability Impact