PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/18695
http://www.gulftech.org/?node=research&article_id=00058-12242004