PHP remote file inclusion vulnerability in includes/header.inc.php in Randshop 1.1.1 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter.
https://www.exploit-db.com/exploits/1971
https://exchange.xforce.ibmcloud.com/vulnerabilities/27541