PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468.
https://www.exploit-db.com/exploits/2452
https://exchange.xforce.ibmcloud.com/vulnerabilities/29263