PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote malicious users to execute arbitrary PHP code via the web_root parameter.
jinzora jinzora 2.6