PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27135
http://www.securityfocus.com/bid/18363
http://www.securityfocus.com/archive/1/436707/100/0/threaded