EUVD-2006-4188

PHP remote file inclusion vulnerability in includes/session.php in Wheatblog wB 1.1 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wbclassdir parameter...