CVE-2008-5792
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.
Date published : 2008-12-31
http://www.securityfocus.com/bid/32205
http://www.securityfocus.com/archive/1/498161/100/0/threaded