PHP remote file inclusion vulnerability in include/menu_builder.php in MiniBILL 2006-10-10 (1.2.3) and earlier, when register_globals is enabled, allows remote