PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3401)