PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter.
https://www.exploit-db.com/exploits/2455
https://exchange.xforce.ibmcloud.com/vulnerabilities/29260