Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a