PHP remote file inclusion vulnerability in inc/ifunctions.php in chumpsoft phpQuestionnaire (phpQ) 3.12 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[phpQRootDir] parameter.
https://www.exploit-db.com/exploits/2410
https://exchange.xforce.ibmcloud.com/vulnerabilities/29081
http://www.securityfocus.com/archive/1/446748/100/0/threaded