PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters.
https://exchange.xforce.ibmcloud.com/vulnerabilities/23023
http://www.vupen.com/english/advisories/2005/2347
http://www.securityfocus.com/archive/1/415963/30/0/threaded
http://securitytracker.com/id?1015163