PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter.