mxbb_faq < 2.0.0 - Remote File Inclusion via module_root_path Parameter
PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.