Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIGmainpath parameter in 1 functions.php, 2 template.php, 3 news.php, 4 help.php, 5 mail.php, 6 Admin/admincats.php, 8 Admin/adminedit.php, 9...