PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/35808
http://yollubunlar.org/joomla-j-reactions-component-rfi-75.html
http://www.securityfocus.com/archive/1/477245/100/0/threaded
http://www.securityfocus.com/archive/1/477144/100/0/threaded
http://www.securityfocus.com/archive/1/475544/100/0/threaded