PHP remote file inclusion vulnerability in pages/meeting_constants.php in the Meeting (mx_meeting) 1.1.2 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
https://www.exploit-db.com/exploits/2941
https://exchange.xforce.ibmcloud.com/vulnerabilities/30913