Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
https://www.exploit-db.com/exploits/1905
http://www.securityfocus.com/archive/1/445996/100/0/threaded
http://www.securityfocus.com/archive/1/437510/100/200/threaded