PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27402
http://www.securityfocus.com/archive/1/438169/100/100/threaded