phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentication and gain unauthorized access via a direct request to the admin directory.