[ECHO_ADV_46$2006] P-Book 1.17 and prior (pb_lang) Remote File Inclusion: Input passed to the "pb_lang" parameter in admin.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
81bf25ee0d5dd0d6f1459a06b803e61f88bbb1fde82e375f7e6e5cc43daf6a4f