PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.