PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.