PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script.
https://exchange.xforce.ibmcloud.com/vulnerabilities/32243
http://www.securityfocus.com/archive/1/459191/100/0/threaded