Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement.
https://exchange.xforce.ibmcloud.com/vulnerabilities/22258
http://securityreason.com/securityalert/5