PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/28843
https://exchange.xforce.ibmcloud.com/vulnerabilities/26289
http://www.vupen.com/english/advisories/2006/1686
http://www.securityfocus.com/archive/1/433121/100/0/threaded
http://securitytracker.com/id?1016061