PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.Referenceshttp://www.phpbb.com/phpBB/viewtopic.php?p=2504370#2504370https://www.exploit-db.com/exploits/2551http://secunia.com/advisories/22436http://www.osvdb.org/29734http://www.securityfocus.com/bid/20558https://exchange.xforce.ibmcloud.com/vulnerabilities/29571
