PHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls.php in syntaxCMS 1.1.1 through 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the init_path parameter.
https://www.exploit-db.com/exploits/2424
https://exchange.xforce.ibmcloud.com/vulnerabilities/29122
http://www.vupen.com/english/advisories/2006/3760
http://www.syntaxcms.org/content/article/detail/513
http://www.securityfocus.com/bid/20171