PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.

boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php and (2) side_menu.php, which reveals the path in an error message.