Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Open Education System OES 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONFINCLUDEPATH parameter to 1 forum/admin.php and 2 plotgraph/index.php in admin/modules/modules/, and 3 adminuser/modadmuser.php and 4...