PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
https://exchange.xforce.ibmcloud.com/vulnerabilities/16282
http://secunia.com/advisories/11740