In the Script Xoops-2.0.16 are Remote File Inclusion Bugs 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script          : xoops-2.0.16-Kararli
Discovered By   : F10
Contact         : by_f10@hotmail.com
WebSite         : http://by-f10.com
Greetz          : by_emR3 , H0tturk , TaRanTuLa ,       
                  gsy , ercu_145 ,               
                  LupuS,m0sted,CyberGhost ... . 
>From            : Turkey
Description     : In the Script Xoops-2.0.16 are  
                  Remote File Inclusion Bugs.
                  I show the bugs, in which file  
                  are their.
                  "xoops-2.0.16-Kararli/" << is  
                   the script path..
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

-------------------------------------
bugs:

xoops-2.0.16-Kararli/htdocs/notifications.php         include_once $lookup_file;
xoops-2.0.16-Kararli/htdocs/extras/login.php        include $path.'/mainfile.php';
xoops-2.0.16-Kararli/htdocs/include/functions.php        require_once $hnd_file;
xoops-2.0.16-Kararli/htdocs/include/functions.php        include_once $hnd_file;
xoops-2.0.16-Kararli/htdocs/kernel/notification.php        include_once $tags_file;
xoops-2.0.16-Kararli/htdocs/kernel/notification.php        include_once $lookup_file;
xoops-2.0.16-Kararli/htdocs/class/auth/authfactory.php        require_once $file;
xoops-2.0.16-Kararli/htdocs/class/database/databasefactory.php        require_once $file;
xoops-2.0.16-Kararli/htdocs/class/database/databasefactory.php        require_once $file;
xoops-2.0.16-Kararli/htdocs/class/smarty/Smarty.class.php        $_smarty_results =
smarty_core_process_compiled_include($_params, $this);
xoops-2.0.16-Kararli/htdocs/class/smarty/Smarty.class.php        include($_smarty_compile_path);
xoops-2.0.16-Kararli/htdocs/class/smarty/Smarty.class.php        include($_smarty_compile_path);
xoops-2.0.16-Kararli/htdocs/class/smarty/Smarty.class.php        require_once($this->_get_plugin_filepath('function',
'config_load'));
xoops-2.0.16-Kararli/htdocs/class/smarty/Smarty.class.php        require_once($this->compiler_file);
xoops-2.0.16-Kararli/htdocs/class/smarty/Smarty.class.php        function
_smarty_include($params)
xoops-2.0.16-Kararli/htdocs/class/smarty/Smarty.class.php        include($_smarty_compile_path);
xoops-2.0.16-Kararli/htdocs/class/smarty/Smarty.class.php        function
_include($filename, $once=false, $params=null)
xoops-2.0.16-Kararli/htdocs/class/smarty/Smarty.class.php        return
include_once($filename);
xoops-2.0.16-Kararli/htdocs/class/smarty/Smarty.class.php        return include($filename);
xoops-2.0.16-Kararli/htdocs/class/smarty/Smarty_Compiler.class.php        include_once
$plugin_file;
xoops-2.0.16-Kararli/htdocs/class/smarty/Smarty_Compiler.class.php        include_once
$plugin_file;
xoops-2.0.16-Kararli/htdocs/class/smarty/Smarty_Compiler.class.php        include_once
$plugin_file;
xoops-2.0.16-Kararli/htdocs/class/smarty/Smarty_Compiler.class.php        $output .=
"\$this->_smarty_include($_params);\n" .
xoops-2.0.16-Kararli/htdocs/modules/system/admin.php        include
$admin_dir.'/'.$file.'/xoops_version.php';
xoops-2.0.16-Kararli/htdocs/class/mail/phpmailer/class.phpmailer.php        include_once($this->PluginDir
. "class.smtp.php");
xoops-2.0.16-Kararli/htdocs/class/mail/phpmailer/class.phpmailer.php        include($lang_path.'phpmailer.lang-'.$lang_type.'.php');
xoops-2.0.16-Kararli/htdocs/class/mail/phpmailer/class.phpmailer.php        include($lang_path.'phpmailer.lang-en.php');
xoops-2.0.16-Kararli/htdocs/class/smarty/internals/core.display_debug_console.php        $smarty->_include($_compile_path);
xoops-2.0.16-Kararli/htdocs/class/smarty/internals/core.load_plugins.php        include_once
$_plugin_file;
xoops-2.0.16-Kararli/htdocs/class/smarty/internals/core.load_resource_plugin.php        include_once($_plugin_file);
xoops-2.0.16-Kararli/htdocs/class/smarty/internals/core.process_cached_inserts.php        $smarty->_include($php_resource,
true);
xoops-2.0.16-Kararli/htdocs/class/smarty/internals/core.process_compiled_include.php        function
smarty_core_process_compiled_include($params, &$smarty)
xoops-2.0.16-Kararli/htdocs/class/smarty/internals/core.process_compiled_include.php        $smarty->_include($_include_file_path,
true);
xoops-2.0.16-Kararli/htdocs/class/smarty/internals/core.run_insert_handler.php        $smarty->_include($_params['php_resource'],
true);
xoops-2.0.16-Kararli/htdocs/class/smarty/internals/core.smarty_include_php.php        $smarty->_include($_smarty_php_resource,
$params['smarty_once'], $params['smarty_include_vars']);
xoops-2.0.16-Kararli/htdocs/class/smarty/internals/core.smarty_include_php.php        $smarty->_include($_smarty_php_resource,
$params['smarty_once'], $params['smarty_include_vars']);
xoops-2.0.16-Kararli/htdocs/class/smarty/internals/core.write_compiled_include.php        function
smarty_core_write_compiled_include($params, &$smarty)
xoops-2.0.16-Kararli/htdocs/class/smarty/plugins/function.config_load.php        include($_compile_file);
xoops-2.0.16-Kararli/htdocs/class/smarty/plugins/function.html_checkboxes.php        require_once
$smarty->_get_plugin_filepath('shared','escape_special_chars');
xoops-2.0.16-Kararli/htdocs/class/smarty/plugins/function.html_image.php        require_once
$smarty->_get_plugin_filepath('shared','escape_special_chars');
xoops-2.0.16-Kararli/htdocs/class/smarty/plugins/function.html_options.php        require_once
$smarty->_get_plugin_filepath('shared','escape_special_chars');
xoops-2.0.16-Kararli/htdocs/class/smarty/plugins/function.html_radios.php        require_once
$smarty->_get_plugin_filepath('shared','escape_special_chars');
xoops-2.0.16-Kararli/htdocs/class/smarty/plugins/function.html_select_date.php        require_once
$smarty->_get_plugin_filepath('shared','make_timestamp');
xoops-2.0.16-Kararli/htdocs/class/smarty/plugins/function.html_select_date.php        require_once
$smarty->_get_plugin_filepath('function','html_options');
xoops-2.0.16-Kararli/htdocs/class/smarty/plugins/function.html_select_time.php        require_once
$smarty->_get_plugin_filepath('shared','make_timestamp');
xoops-2.0.16-Kararli/htdocs/class/smarty/plugins/function.html_select_time.php        require_once
$smarty->_get_plugin_filepath('function','html_options');
xoops-2.0.16-Kararli/htdocs/class/smarty/plugins/modifier.date_format.php        require_once
$smarty->_get_plugin_filepath('shared','make_timestamp');
xoops-2.0.16-Kararli/htdocs/class/smarty/xoops_plugins/compiler.includeq.php        $output
.= "\$this->_smarty_include($_params);\n";
xoops-2.0.16-Kararli/htdocs/modules/xplorer/admin/admin_header.php        include_once($admin_lang_file);