PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.