Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp-Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) fp or (2) sc parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/34443
http://www.securityfocus.com/archive/1/477253/100/0/threaded