PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/26172http://www.securityfocus.com/archive/1/432453/100/0/threadedhttp://www.osvdb.org/25294
