The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
https://github.com/joshf/Burden/releases/tag/1.8.1
https://github.com/joshf/Burden/issues/2
https://github.com/joshf/Burden/commit/edaa1bb8f73d6f3c8b2e78b67f1b40e02fccd0c1