PHP remote file inclusion vulnerability in includes/functions.inc.php in phpVoter 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/35691
http://www.securityfocus.com/archive/1/475100/100/0/threaded