PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_page parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/30050
http://www.securityfocus.com/archive/1/450701/100/0/threaded
http://sourceforge.net/project/shownotes.php?release_id=478370