PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.Referenceshttps://www.exploit-db.com/exploits/3165http://osvdb.org/31603
