PHP remote file inclusion vulnerability in adm/my_statistics.php in Omnistar Lib2 PHP 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.