PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26172
http://www.securityfocus.com/archive/1/432453/100/0/threaded