PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS, aka the TeamSpeak display module) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url parameter.
https://www.exploit-db.com/exploits/3750
https://exchange.xforce.ibmcloud.com/vulnerabilities/33695