Local File Inclusion vulnerability in v1.9

[cilan2]

PHP Version <5.3.4
Local File Inclusion vulnerability in page-edit.php

$data = unserialize(file_get_contents($file_path));
$page_old_state = $data['state'];
$index_file = '../mc-files/pages/index/'.$page_old_state.'.php'
require $index_file

write a page or article with content:

use burp to