PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.
http://www.iss.net/security_center/static/7215.php
http://sourceforge.net/project/shownotes.php?release_id=58331
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html