An improper validation of user-supplied input leads to a local file inclusion vulnerability.