PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/56675
http://packetstormsecurity.org/1003-exploits/gnattgp-rfi.txt