PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015.
https://exchange.xforce.ibmcloud.com/vulnerabilities/11341
http://www.securityfocus.com/bid/6863
http://secunia.com/advisories/10754
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0071.html