In the admin panel, parameters such as _g and node are used to construct the path to include .inc.php files and execute PHP code. A malicious user with the ability to upload .inc.php files anywhere on the server can exploit a path traversal vulnerability to include them and execute malicious code.
Risk: Low