PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/29331
http://www.securityfocus.com/archive/1/447896/100/0/threaded
http://www.securityfocus.com/archive/1/447735/100/0/threaded