PHP CRS version 3.Za suffers from a local file inclusion vulnerability. This is the same issue that affected 2.06.
883ae81c29038f3d0deb3b7c38d17b50fdec4d39c334135e65963efad4004953
phpcrs versions 2.06 and below suffer from a local file inclusion vulnerability in frame.php.
f3f5ceed0b2a882f00799480dd29bb48e51b8f1d7e14fdabb0c036cc052cd176