PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code.
http://www.stadtaus.com/forum/t-1579.html
http://www.stadtaus.com/forum/p-5895.html