Public CVE-2006-5091 disclosure

PHP remote file inclusion vulnerability in navigation/menu.php in A-Blog 2 allows remote attackers to execute arbitrary PHP code via a URL in the navigation_start parameter.