Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) run.php or (2) ircbot.class.php.
http://www.securityfocus.com/archive/1/470802/100/100/threaded
http://www.securityfocus.com/archive/1/455301/100/0/threaded