Remote file inclusion

PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter, possibly related to the autoload function...