Remote file inclusion

PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the modroot parameter...