Simpnews has an include file vulnerability that allows a remote attacker to load malicious PHP scripts.
3a1cb29b2d9407d519d17fe3a494ffe6d482069586256ca3aea9634a0659e949
All versions of Simpnews appear to still have a remote file inclusion flaw utilized via the path_simpnews variable.
2fe74ff84b4a5493d6a42012a105920e08e06244ff201e0cb391c1e9aa28ef56