PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter. NOTE: CVE disputes this issue, since $script_path is set to a constant value
https://exchange.xforce.ibmcloud.com/vulnerabilities/26962
http://www.securityfocus.com/archive/1/435977/100/0/threaded
http://www.attrition.org/pipermail/vim/2007-April/001510.html