PHP remote file inclusion vulnerability in index.php in Randshop before 1.2 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter, a different vector than CVE-2006-3375.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27541
https://exchange.xforce.ibmcloud.com/vulnerabilities/27540
http://www.vupen.com/english/advisories/2006/2740
http://www.securityfocus.com/archive/1/439750/100/0/threaded