A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.
https://volse.net/~haraldei/infosec/disclosures/hubzilla-before-7-2-multiple-vulnerabilities/