If the register_globals PHP option is enabled, the
**base_qry_common.php** script can be used to include arbitrary files under the directory specified by the
**BASE_path** parameter. This could lead to execution of local or remote PHP code.
Upgrade to BASE 1.2.5 or higher.
In order for this exploit to succeed, the register_globals option must be enabled in the PHP configuration, and the Apache log file must exist in a common location.