I already brought light on this issue few months back. I contacted the author through Private Message but never got a reply. The similar issue also exists in Post Nuke (http://www.postnuke.com). See http://www.securitytracker.com/alerts/2002/Mar/1003781.html and http://packetstorm.decepticons.org/0203-exploits/php-nuke.5.5.css.txt for more info.
