A vulnerability was reported in the XOOPS third party Incontent module. A remote user can view the content of PHP files The module does not properly validate user-supplied input in the 'url' parameter The author web site is down also please don't use this module before correcting the hole.