PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.Referenceshttp://secunia.com/advisories/24002https://www.exploit-db.com/exploits/3236https://exchange.xforce.ibmcloud.com/vulnerabilities/31997http://osvdb.org/33078http://www.securityfocus.com/bid/22333http://www.vupen.com/english/advisories/2007/0450
