PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.
http://www.vupen.com/english/advisories/2007/0716
http://www.securityfocus.com/archive/1/460917/100/0/threaded