PHP remote file inclusion vulnerability in index.php in Anthologia 0.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the ads_file parameter.
https://www.exploit-db.com/exploits/3751
https://exchange.xforce.ibmcloud.com/vulnerabilities/33705