PHP remote file inclusion vulnerability in check_status.php in dicshunary 0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the dicshunary_root_path parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/30403
http://www.securityfocus.com/bid/21162
http://www.securityfocus.com/archive/1/452128/100/200/threaded