PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.