PHP remote file include vulnerability in usermods.php in Tolva PHP website system 0.1.0 allows remote attackers to execute arbitrary code via a URL in the ROOT parameter.