Please note the “Note” in the sidebar, then read this: http://osvdb.org/blog/?p=185. This people are absolutely right, don’t use the informations here “as is”, recheck them, test them. Also once again, this script wasn’t mean to work with an 100% hit quota, but for programming fun for me.

This is a good indication of how trustworthy the tool is, early release or not, and what kind of burden it places on VDBs who do their best to vet vulnerability disclosures to a limited degree.

Well, psorry.

The script reach the end in the search of sourceforge.net for PHP scripts recently. But don’t worry, arfis will continue with download and checking scripts from hotscripts.com. Yeah, more RFI’s will come :).

Project Name: php(Reactor)
Project Link: http://sourceforge.net/projects/phpreactor/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/phpreactor/phpreactor-1.2.7pl1.tar.gz
RFI Info:
File: tmp/phpreactor-1.2.7pl1.ta/phpreactor-1.2.7pl1/examples/ekilat.com-int.tpl.php
Line: 2
Vuln Code: if(!defined(“REACTOR_INC_BBS”)) { include($pathtohomedir.”/inc/bbs.inc.php”); }

File: tmp/phpreactor-1.2.7pl1.ta/phpreactor-1.2.7pl1/examples/phpreactor.org-top.tpl.php
Line: 2
Vuln Code: if(!defined(“REACTOR_INC_BBS”)) { include($pathtohomedir.”/inc/bbs.inc.php”); }

File: tmp/phpreactor-1.2.7pl1.ta/phpreactor-1.2.7pl1/examples/ekilat.com-top.tpl.php
Line: 2
Vuln Code: if(!defined(“REACTOR_INC_BBS”)) { include($pathtohomedir.”/inc/bbs.inc.php”); }

(found with version 0.3 – 4147 projects processed so far)

Project Name: PHPortal
Project Link: http://sourceforge.net/projects/xpc/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/xpc/PHPortal_beta_v027.zip
RFI Info:
File: tmp/PHPortal_beta_v027/form/db_form/employee.php
Line: 4
Vuln Code: require($DOCUMENT_ROOT.’/form/db_form_o_model.php’);

(found with version 0.3 – 4141 projects processed so far)

Project Name: YaPiG – Yet Another PHP Image Gallery
Project Link: http://sourceforge.net/projects/yapig/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/yapig/yapig-0.95b.tar.gz
RFI Info:
File: tmp/yapig-0.95b.ta/yapig-0.95b/sample.php
Line: 10
Vuln Code: require_once($YAPIG_PATH .’last_gallery.php’);

(found with version 0.3 – 4139 projects processed so far)

Project Name: myphpPagetool
Project Link: http://sourceforge.net/projects/myphppagetool/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/myphppagetool/myphpPagetool-0.4.3.tar.gz
RFI Info:
File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/index.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help6.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help9.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help3.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help1.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help4.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help8.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help5.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help2.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help7.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

(found with version 0.3 – 4028 projects processed so far)

Project Name: Webmedia Explorer
Project Link: http://sourceforge.net/projects/webmex/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/webmex/Webmedia_Explorer_3_2_2.zip
RFI Info:
File: tmp/Webmedia_Explorer_3_2_2/wme/includes/core.lib.php
Line: 3
Vuln Code: include ( $path_include.”int.class.php” );

File: tmp/Webmedia_Explorer_3_2_2/wme/includes/rss.class.php
Line: 3
Vuln Code: include ( $path_include.”xdoc.class.php” );

File: tmp/Webmedia_Explorer_3_2_2/wme/templates/main.tpl.php
Line: 14
Vuln Code:

File: tmp/Webmedia_Explorer_3_2_2/wme/templates/folder_messages_link_message_name.tpl.php
Line: 7
Vuln Code: I_am_post () ) include ( $path_template.”folder_messages_link_message_desc.tpl.php” ) ?>

File: tmp/Webmedia_Explorer_3_2_2/wme/templates/sidebar.tpl.php
Line: 7
Vuln Code: include ( $path_templates.”dirs.tpl.php” );

(found with version 0.3 – 4016 projects processed so far)

Project Name: Streamline PHP Media Server
Project Link: http://sourceforge.net/projects/streamline/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/streamline/streamline-1.0-beta4.tar.gz
RFI Info:
File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/admin_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path.”/admin/footer.php” );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/info_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path.”/browse/info_footer.php” );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/theme_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path.”/common/footer.php” );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/browse_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path.”/browse/footer.php” );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/account_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path.”/account/footer.php” );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/search_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path.”/search/footer.php” );

(found with version 0.3 – 4005 projects processed so far)

Project Name: pSlash
Project Link: http://sourceforge.net/projects/pslash/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/pslash/pslash-0.70.tar.gz
RFI Info:
File: tmp/pslash-0.70.ta/pslash-0.70/html/modules/visitors2/admin/view-archiver.inc.php
Line: 14
Vuln Code: include($lvc_admin_dir.’/archiver-export.inc.php’);

File: tmp/pslash-0.70.ta/pslash-0.70/html/modules/visitors2/include/config.inc.php
Line: 33
Vuln Code: include($lvc_include_dir.’lang/english.inc.php’);

File: tmp/pslash-0.70.ta/pslash-0.70/html/modules/visitors2/include/menus.inc.php
Line: 47
Vuln Code: include($lvc_include_dir.’/menus-’.$view.’.inc.php’);

(found with version 0.3 – 3870 projects processed so far)

Now the script checks also for “defined(…) or die” wich also kill’s RFI’s. Another check: if the include or require is in a function, if so the RFI is useless. Version 0.3 is now running.

Project Name: openEngine
Project Link: http://sourceforge.net/projects/openengine/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/openengine/openengine19_beta1.zip
RFI Info:
File: tmp/openengine19_beta1/openengine19/html/modules/extranet_profile/main.php
Line: 10
Vuln Code: include($this_module_path.”/profile_new.php”);

(found with version 0.3 – 3846 projects processed so far)

Project Name: guanxiCRM Business Solution
Project Link: http://sourceforge.net/projects/guanxicrm/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/guanxicrm/guanxicrm_0.9.1.tar.gz
RFI Info:
File: tmp/guanxicrm_0.9.1.ta/modules/webmail2/inc/rfc822.php
Line: 20
Vuln Code: require_once($webmail2_inc_dir.’pear.php’);

(found with version 0.2 – 3777 projects processed so far)

Project Name: Online Fantasy Football League
Project Link: http://sourceforge.net/projects/offl/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/offl/offl-0.2.6-patch.zip
RFI Info:
File: tmp/offl-0.2.6-patch/offl-0.2.6-patch/www/lib/classes/offl_nflteam.php
Line: 12
Vuln Code: require_once($DOC_ROOT . “/lib/classes/offl_dbobject.php”);

(found with version 0.2 – 3673 projects processed so far)

Project Name: EZ-Ticket
Project Link: http://sourceforge.net/projects/ezt/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/ezt/ezt-0.01.tar.gz
RFI Info:
File: tmp/ezt-0.01.ta/ezt/common.php
Line: 3
Vuln Code: include($ezt_root_path . ‘/functions/anti-hack.php’);

(found with version 0.2 – 3666 projects processed so far)

Project Name: phpmyProfiler
Project Link: http://sourceforge.net/projects/phpmyprofiler/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/phpmyprofiler/phpmyProfiler-0.9.6b.tar.bz2
RFI Info:
File: tmp/phpmyProfiler-0.9.6b.tar/include/plugin/block.t.php
Line: 9
Vuln Code: require_once($pmp_rel_path . “/functions.php”);

(found with version 0.2 – 3643 projects processed so far)

Project Name: Mods 4 Xoops Contenido eZ publish
Project Link: http://sourceforge.net/projects/pdf4cms/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/pdf4cms/contenido42VV10.zip
RFI Info:
File: tmp/contenido42VV10/contenidofinal/contenido/main_upl.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_upl.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_con_editside.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_con.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_news_rcp.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_news.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_mod.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_mod.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/con_show_sidelist.inc.php
Line: 5
Vuln Code: include ($cfgPathContenido.$cfgPathTpl.”all_html_line0.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/mod_show_modules.inc.php
Line: 5
Vuln Code: include ($cfgPathContenido.$cfgPathTpl.”all_html_line0.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/con_edit_form.inc.php
Line: 94
Vuln Code:

File: tmp/contenido42VV10/contenidofinal/contenido/inc/lay_show_layouts.inc.php
Line: 5
Vuln Code: include ($cfgPathContenido.$cfgPathTpl.”all_html_line0.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/con_show_tree.inc.php
Line: 7
Vuln Code: include($cfgPathContenido.$cfgPathTpl.”all_html_line0.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/news_show_newsletters.inc.php
Line: 24
Vuln Code: include($cfgPathContenido.$cfgPathTpl.”all_html_emptycol.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/upl_show_uploads.inc.php
Line: 16
Vuln Code: include($cfgPathInc.”upl_upload_form.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/str_show_tree.inc.php
Line: 6
Vuln Code: include($cfgPathContenido.$cfgPathTpl.”all_html_line0.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/tpl_show_templates.inc.php
Line: 5
Vuln Code: include ($cfgPathContenido.$cfgPathTpl.”all_html_line0.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/stat_show_tree.inc.php
Line: 5
Vuln Code: include($cfgPathContenido.$cfgPathTpl.”all_html_line0.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/con_editcontent.inc.php
Line: 2
Vuln Code: if ($action == 10) {include($cfgPathContenido.$cfgPathTpl.”tplInputField_”.$type.”.inc.php”);}

File: tmp/contenido42VV10/contenidofinal/contenido/inc/news_show_recipients.inc.php
Line: 43
Vuln Code: include($cfgPathContenido.$cfgPathTpl.”all_html_emptycol.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_tplinput_edit.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_tplinput.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_con.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_con.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_tpl.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_tpl.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_con_sidelist.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_con.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_str.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_str.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_news.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_news.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_tplinput.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_tplinput.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_lang.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_lang.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_mod_edit.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_mod.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_lay.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_lay.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_lay_edit.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_lay.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_user_md5.php3
Line: 2
Vuln Code: include($cfgPathTpl.”header.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_news_send.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_news.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_con_edittpl.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_tpl.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_stat.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_stat.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_mod.php
Line: 4
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_lay.php
Line: 4
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_upl.php
Line: 8
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_stat.php
Line: 4
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_news.php
Line: 4
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_str.php
Line: 6
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/header.php
Line: 123
Vuln Code: include($cfgPathTpl.”form_client.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_con_sidelist.php
Line: 4
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/main_top.inc.php
Line: 3
Vuln Code: include($cfgPathTpl.”all_html_table1_1.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_tpl.php
Line: 4
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_con.php
Line: 4
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_tpl_edit.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_tpl.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_news_edit.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_news.inc.php”);

(found with version 0.2 – 3613 projects processed so far)

Project Name: der-dirigent
Project Link: http://sourceforge.net/projects/der-dirigent/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/der-dirigent/der_dirigent_v1.0.zip
RFI Info:
File: tmp/der_dirigent_v1.0/backend/inc/inc.generate_code.php
Line: 7
Vuln Code: include($dedi_path.’inc/fnc.type.php’);

File: tmp/der_dirigent_v1.0/projekt01/cms/inc/frontend.php
Line: 159
Vuln Code: include( $dedi_path . ‘inc/inc.generate_code.php’ );

File: tmp/der_dirigent_v1.0/projekt01/cms/inc/backend.php
Line: 5
Vuln Code: include($dedi_path.’inc/fnc.generate_code.php’);

File: tmp/der_dirigent_v1.0/backend/inc/fnc.type_forms.php
Line: 7
Vuln Code: include_once($dedi_path.’inc/fnc.type_common.php’);

File: tmp/der_dirigent_v1.0/backend/inc/fnc.type.php
Line: 24
Vuln Code: include_once($dedi_path.’inc/fnc.type_common.php’);

File: tmp/der_dirigent_v1.0/backend/inc/class.filemanager.php
Line: 81
Vuln Code: require_once ($this_dir.’inc/class.fileaccess.php’);

(found with version 0.2 – 3572 projects processed so far)

Project Name: phpFFL – Fantasy Football League Manager
Project Link: http://sourceforge.net/projects/phpffl/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/phpffl/phpffl_1_24.tar.gz
RFI Info:
File: tmp/phpffl_1_24.ta/phpffl/phpffl_webfiles/signup.php
Line: 2
Vuln Code: include($PHPFFL_FILE_ROOT.”program_files/config.php”);

File: tmp/phpffl_1_24.ta/phpffl/phpffl_webfiles/program_files/livedraft/livedraft.php
Line: 2
Vuln Code: require($PHPFFL_FILE_ROOT.”program_files/livedraft/sajax.php”);

File: tmp/phpffl_1_24.ta/phpffl/phpffl_webfiles/program_files/livedraft/admin.php
Line: 2
Vuln Code: require($PHPFFL_FILE_ROOT.”program_files/livedraft/sajax.php”);

(found with version 0.2 – 3560 projects processed so far)

Project Name: Ajax File Browser
Project Link: http://sourceforge.net/projects/ajaxfb/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/ajaxfb/afb-3-beta-2007-08-28.zip
RFI Info:
File: tmp/afb-3-beta-2007-08-28/_includes/settings.inc.php
Line: 12
Vuln Code: require_once($approot.’_includes/functions_file.inc.php’);

(found with version 0.2 – 3552 projects processed so far)

Project Name: Puzzle Apps CMS
Project Link: http://sourceforge.net/projects/puzzlecms/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/puzzlecms/puzzle2-2.2.1.tar.gz
RFI Info:
File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/my/my.module.php
Line: 69
Vuln Code: include_once($MODULEDIR . “drivers/” . $DRIVER . “.driver.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/xml/xml.module.php
Line: 3
Vuln Code: include_once($MODULEDIR . “drivers/xml.driver.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/config.loader.php
Line: 5
Vuln Code: include_once($COREROOT . “config/loader.config.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/platform.loader.php
Line: 8
Vuln Code: include_once($COREROOT . “core/platform.class.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/core.loader.php
Line: 3
Vuln Code: include_once($COREROOT.”core/permissions.class.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/person.loader.php
Line: 8
Vuln Code: include_once($COREROOT . “core/person.class.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/module.loader.php
Line: 5
Vuln Code: include_once($COREROOT . “core/module.class.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/admin/libs/people.lib.php
Line: 3
Vuln Code: include($THISDIR . $_GET["load"] . “.lib.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/admin/libs/general.lib.php
Line: 3
Vuln Code: include($THISDIR . $_GET["load"] . “.lib.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/admin/libs/content.lib.php
Line: 3
Vuln Code: include($THISDIR . $_GET["load"] . “.lib.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/admin/libs/templates.lib.php
Line: 3
Vuln Code: include($THISDIR . $_GET["load"] . “.lib.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/webstat/MEC/index.php
Line: 100
Vuln Code: include($THISDIR . ‘nav.inc’);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/install/steps/step_3.php
Line: 44
Vuln Code: require($COREROOT . “modules/database/adodb/adodb-xmlschema.inc.php”);

(found with version 0.2 – 3386 projects processed so far)