A vulnerability identified as problematic has been detected in Henrique Dias IMDb Profile Widget 1.0.8 . Affected is an unknown function of the file pic.php . This manipulation of the argument url causes improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is tracked as CVE-2016-20078 . The attack is possible to be carried out remotely. M