PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter.