mantisbt security flaw

Hi, Mantis is php/MySQL/web based bug tracking system, available at http://mantisbt.sourceforge.net/. It currently suffers from a classical PHP bad coding practice altough i would bet on distraction for this particular situation , that may result on remote command execution via a include file...