PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfh_root_path parameter.Referenceshttps://www.exploit-db.com/exploits/4808https://exchange.xforce.ibmcloud.com/vulnerabilities/39316http://osvdb.org/39895
