admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter.
https://www.exploit-db.com/exploits/2588
https://exchange.xforce.ibmcloud.com/vulnerabilities/29656