PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0289)