The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to bypass the login and gain privileges.