PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php.
https://www.exploit-db.com/exploits/6992
https://exchange.xforce.ibmcloud.com/vulnerabilities/46341