Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the target parameter to (1) index2.php and (2) index.php.
https://www.exploit-db.com/exploits/6678
https://exchange.xforce.ibmcloud.com/vulnerabilities/45673