PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
http://www.securityfocus.com/archive/1/435859/100/0/threaded
http://www.securityfocus.com/archive/1/435371/100/0/threaded
http://www.securityfocus.com/archive/1/420676/100/0/threaded