PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter.
https://www.exploit-db.com/exploits/3846
https://sourceforge.net/project/shownotes.php?group_id=88942&release_id=533122
https://exchange.xforce.ibmcloud.com/vulnerabilities/34073