PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter.Referenceshttp://securityreason.com/securityalert/2339http://osvdb.org/36878http://www.securityfocus.com/archive/1/460933/100/0/threaded
