PHP remote file inclusion vulnerability in includes/class/class_tpl.php in Firesoft allows remote attackers to execute arbitrary PHP code via a URL in the cache_file parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/36143
http://www.securityfocus.com/archive/1/477243/100/0/threaded