Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information.
http://www.securityfocus.com/archive/1/474416/100/0/threaded
http://securityreason.com/securityalert/2927