PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter.