Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/32563
http://www.securityfocus.com/bid/22590
http://www.securityfocus.com/archive/1/460325/100/0/threaded